Brand new computer infected

Post by kaypo » January 8th, 2011, 3:27 pm

I just hooked up my new computer (hasn't been out of the box 24 hrs) and an associate's child got on my computer without permission yesterday, and now Malwarebytes and Avira are telling me I have numerous viruses, over 30 according to Malwarebytes. Below is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:35 AM, on 1/8/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10614 bytes
kaypo
Regular Member
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Brand new computer infected

Post by deltalima » January 9th, 2011, 12:07 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Brand new computer infected

Post by deltalima » January 9th, 2011, 12:24 pm

Hi kaypo,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate your taking your computer to a repair shop.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Multiple Anti-Virus programs

  • It looks like you are operating your computer with multiple anti-virus programs running in memory at once:
    Norton Internet Security
    Avira AntiVir Desktop
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove one of them.

Please give more details of the history of this computer. You say "just hooked up my new computer (hasn't been out the box 24 hrs)" but the computer has an old version of Windows XP and an old version of Internet Explorer that I would not expect to see on a new computer.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
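The two checks deltalima makes above, reading the O23 service list to spot two resident anti-virus engines and looking over the autostart entries, are what a helper does by eye on the HijackThis log kaypo posted. The script below is an added example (my own code, not the forum's, Trend Micro's or HijackThis's) that does the same mechanically on a constructed sample modelled on that log. The regular expressions, the AV vendor keyword list and the function names are my assumptions about the log format, not the tool's specification.

```python
"""Summarise a HijackThis log and flag overlapping anti-virus services.

Added example for this thread; not code from the forum, Trend Micro or
HijackThis. The patterns are my reading of the R0/R1, O4 and O23 lines as
they appear in kaypo's log and are assumptions, not the tool's specification.
"""
import re
from collections import Counter

# Constructed sample modelled on the thread's log; paths trimmed, nothing here is an IoC.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
# The short service name in parentheses is optional: "Pml Driver HPZ12 - HP - ..." has none.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<path>.+)$"
)
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Vendor keywords treated as anti-virus products (assumption: an illustrative list, not complete).
AV_VENDOR_MARKERS = ("avira", "symantec", "mcafee", "kaspersky", "eset", "avast", "trend micro")


def parse_hjt(text):
    """Return (running processes, [(code, body), ...]) from an HJT log."""
    processes, entries, in_processes = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # a blank line closes the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body")))
    return processes, entries


def services(entries):
    """O23 lines as dicts: name, short, vendor, path."""
    parsed = (SERVICE_RE.match(body) for code, body in entries if code == "O23")
    return [m.groupdict() for m in parsed if m]


def run_entries(entries):
    """O4 HKLM/HKCU Run lines as (hive, value name, command)."""
    parsed = (RUN_RE.match(body) for code, body in entries if code == "O4")
    return [(m.group("hive"), m.group("name"), m.group("cmd")) for m in parsed if m]


def antivirus_vendors(svcs):
    """Distinct vendors of services that look like anti-virus products."""
    return sorted({s["vendor"] for s in svcs
                   if any(k in s["vendor"].lower() for k in AV_VENDOR_MARKERS)})


def summarize(text):
    """The overview a helper wants before reading the log line by line."""
    processes, entries = parse_hjt(text)
    svcs = services(entries)
    av = antivirus_vendors(svcs)
    return {
        "process_count": len(processes),
        "entries_per_code": Counter(code for code, _ in entries),
        "services": svcs,
        "run_entries": run_entries(entries),
        "av_vendors": av,
        "multiple_av": len(av) > 1,  # the two-engines situation deltalima flags
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['process_count']} processes, entries: {dict(s['entries_per_code'])}")
    for hive, name, cmd in s["run_entries"]:
        print(f"  autostart {hive} [{name}] -> {cmd}")
    print("anti-virus vendors:", ", ".join(s["av_vendors"]))
    if s["multiple_av"]:
        print("WARNING: more than one anti-virus engine is installed as a service")
```

Run it with `python hjt_summary.py`; on the sample it reports two resident anti-virus vendors, which is exactly the point deltalima raises. Feed it a real log by reading the file into `summarize` instead of `SAMPLE_LOG`. The vendor keyword list is the weak spot: it tells you which engines are installed as services, not whether both are actually scanning, so it is a prompt to ask the user, not a verdict.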

Re: Brand new computer infected

Post by kaypo » January 9th, 2011, 4:43 pm

Yes, I had another computer and this one has been boxed. I like XP and will eventually upgrade to Windows 7. I don't use IE. I use Mozilla. Below is the log for HijackThis.

Adobe Flash Player 10 Plugin
Agere Systems PCI Soft Modem
Avira AntiVir Personal - Free Antivirus
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Holidays from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CC_ccProxyExt
ccCommon
ccPxyCore
Compaq Connections
Compaq Organize
Crystal Maze from Compaq (remove only)
Easy Internet Sign-up
Final Drive Nitro from Compaq (remove only)
Google Toolbar for Internet Explorer
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Document Viewer 6.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0
Java(TM) 6 Update 23
KBD
Lexibox Deluxe from Compaq (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office Standard Edition 2003
Microsoft Office XP Media Content
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.13)
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Overball from Compaq (remove only)
PC-Doctor for Windows
Phoenix Assault from Compaq (remove only)
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Remove Adobe Photoshop Album 2.0 Starter Edition installer
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Remove WeatherBug installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shooting Stars Pool from Compaq (remove only)
Slyder from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Super Granny from Compaq (remove only)
SymNet
Tradewinds from Compaq (remove only)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
kaypo
Regular Member
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Brand new computer infected

Post by deltalima » January 9th, 2011, 4:46 pm

OK - please remove one of the antivirus programs and let me know.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Brand new computer infected

Post by kaypo » January 9th, 2011, 4:54 pm

I removed Norton.
kaypo
Regular Member
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Brand new computer infected

Post by deltalima » January 9th, 2011, 4:57 pm

Hi kaypo,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
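Once the OTL.txt produced by the scan above comes back, the first things a helper looks for are entries OTL marks "File not found" (a service, driver or browser-extension registration whose file is no longer on disk, the residue an uninstaller or a cleanup has left behind) and files changed in the days just before the symptoms began. As an added example, not code from the forum or from OldTimer's OTL, the script below picks those out of a constructed sample modelled on the OTL.txt posted later in this thread; the regular expressions, the 7-day window and the function names are my assumptions about the log layout, not OTL's specification.

```python
"""Pull the review-worthy lines out of an OTL.txt: dangling references and recent changes.

Added example; not code from the forum or from OldTimer's OTL. The patterns
are my reading of the OTL.txt layout the scan produces (SRV/DRV/FF lines and
the "[date | size | attrs | flag]" file entries) and are assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the OTL.txt posted in the thread; section
# headings and the Temp\constructed_sample.dll entry are made up for illustration.
SAMPLE_OTL = r"""
OTL logfile created on: 1/9/2011 3:09:34 PM - Run 1
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
[2011/01/08 07:54:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r99lmdnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
========== Files - Modified Within 30 Days ==========
[2011/01/08 07:53:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/01/07 12:51:02 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\constructed_sample.dll
[2004/08/04 05:00:00 | 000,000,734 | ---- | M] () -- C:\WINDOWS\system32\drivers\etc\hosts
"""

CREATED_RE = re.compile(r"OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[\w-]{4}) \| (?P<flag>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\.*$")  # the drive-letter path at the end of a line
NOT_FOUND = " File not found"


def scan_time(text):
    """Timestamp OTL stamped on the log; file ages are judged relative to it."""
    m = CREATED_RE.search(text)
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")


def dangling_references(text):
    """(line kind, path) for every entry whose file OTL could not find."""
    out = []
    for line in text.splitlines():
        if line.endswith(NOT_FOUND):
            kind = line.split(" - ", 1)[0]          # SRV, DRV, FF, O4 ...
            m = DRIVE_PATH_RE.search(line[: -len(NOT_FOUND)])
            out.append((kind, m.group(0) if m else line))
    return out


def file_entries(text):
    """Parse the bracketed file/folder entries into dicts with a datetime and an int size."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            d = m.groupdict()
            d["time"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
            d["size"] = int(d["size"].replace(",", ""))
            out.append(d)
    return out


def review_points(text, days=7):
    """What to read first: dangling references, files touched within `days` of the scan,
    and the subset of those that carry no company name (OTL prints "()" or "(No name found")."""
    when = scan_time(text)
    cutoff = when - timedelta(days=days)
    recent = [e for e in file_entries(text) if e["time"] >= cutoff]
    return {
        "scan_time": when,
        "dangling": dangling_references(text),
        "recent": recent,
        "recent_no_company": [e for e in recent if e["company"] in ("", "No name found")],
    }


if __name__ == "__main__":
    rp = review_points(SAMPLE_OTL)
    print("scan taken", rp["scan_time"])
    for kind, path in rp["dangling"]:
        print(f"  dangling {kind}: {path}")
    for e in rp["recent"]:
        tag = " (no company name)" if e in rp["recent_no_company"] else ""
        print(f"  recent {e['ts']} {e['size']:>8} {e['path']}{tag}")
```

On the sample this lists the orphaned AppMgmt service entry and the MyWebSearch extension registration whose file is gone, and three files modified in the week before the scan, one of them with no company name. A missing company name is not proof of anything (plenty of legitimate files have none), but in a Temp folder, dated just before the trouble started, it is the entry a helper asks about first.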

Re: Brand new computer infected

Post by kaypo » January 9th, 2011, 5:12 pm

OTL Post below:

OTL.Txt

OTL logfile created on: 1/9/2011 3:09:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 133.87 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.00 Gb Free Space | 16.70% Space Free | Partition Type: FAT32
Drive E: | 598.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KECIA | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\IadHide5.dll (BackWeb)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SymWSC) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (PcdrNdisuio) -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys (Windows (R) 2000 DDK provider)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/07 12:47:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/08 07:54:03 | 000,000,000 | ---D | M]

[2011/01/07 12:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2011/01/09 14:55:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r99lmdnz.default\extensions
[2011/01/08 07:54:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\r99lmdnz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/01/09 14:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/08 07:54:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/08 07:53:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/08 07:53:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2876305882-3616364233-307916931-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 15:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O32 - AutoRun File - [2001/02/20 17:14:48 | 000,000,195 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 15:07:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/01/08 18:39:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/01/08 18:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/01/08 13:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/08 11:54:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2011/01/08 10:30:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/01/08 08:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
[2011/01/08 08:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Adobe
[2011/01/08 08:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My eBooks
[2011/01/08 08:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/08 07:56:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/01/08 07:54:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/08 07:54:02 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/08 07:54:02 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/08 07:54:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/08 07:54:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/08 07:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
[2011/01/08 07:33:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/01/08 07:27:55 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/01/08 07:27:04 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/01/08 07:25:50 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/01/08 07:25:49 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/01/08 07:25:48 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/01/08 07:25:47 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2011/01/08 07:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
[2011/01/08 07:19:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/08 07:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/08 07:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/08 07:19:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/08 07:19:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/08 07:18:37 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2011/01/08 07:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\IsolatedStorage
[2011/01/08 07:15:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/08 07:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/01/08 07:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/01/08 07:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\HP
[2011/01/07 21:13:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/01/07 21:12:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/07 21:12:56 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/01/07 21:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
[2011/01/07 19:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/01/07 19:37:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/01/07 19:37:05 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/01/07 19:37:05 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/01/07 19:37:05 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/01/07 19:37:05 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/01/07 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/01/07 19:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/01/07 19:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads
[2011/01/07 15:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/01/07 15:04:31 | 000,000,000 | ---D | C] -- C:\bin
[2011/01/07 15:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2011/01/07 15:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/01/07 15:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/01/07 14:58:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/01/07 14:57:14 | 000,037,376 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l43a.dll
[2011/01/07 14:56:55 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/01/07 14:55:51 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2011/01/07 14:55:51 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2011/01/07 14:55:51 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2011/01/07 14:55:51 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2011/01/07 14:55:51 | 000,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2011/01/07 14:55:51 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2011/01/07 14:54:18 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011/01/07 14:54:12 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/01/07 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/01/07 12:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla
[2011/01/07 12:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
[2011/01/07 12:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/01/07 12:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/07 12:40:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\UserData
[2011/01/07 12:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia
[2011/01/07 12:38:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2011/01/07 12:38:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011/01/07 12:37:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
[2011/01/07 12:37:07 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Cookies
[2011/01/07 12:37:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data
[2011/01/07 12:37:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Favorites
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Identities
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer
[2011/01/07 12:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
[2011/01/07 12:37:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\SendTo
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Videos
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Music
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents
[2011/01/07 12:37:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Accessories
[2011/01/07 12:37:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Templates
[2011/01/07 12:37:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\PrintHood
[2011/01/07 12:37:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\NetHood
[2011/01/07 12:37:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings
[2011/01/07 12:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS
[2011/01/07 12:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Quicken
[2011/01/07 12:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Online Services
[2011/01/07 12:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft
[2011/01/07 12:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2011/01/07 12:35:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011/01/07 12:32:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/01/07 12:32:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 15:07:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/01/09 14:57:18 | 000,000,179 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/01/09 14:54:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/09 14:54:40 | 527,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 14:38:34 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/09 14:38:34 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/09 14:33:49 | 000,179,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/08 18:48:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/08 11:54:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
[2011/01/08 07:53:08 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/08 07:53:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/08 07:53:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/08 07:53:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/08 07:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/08 07:19:38 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 07:15:59 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2011/01/08 07:14:45 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2011/01/08 07:14:15 | 000,003,649 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2011/01/07 19:37:18 | 000,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/01/07 17:13:34 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\WebReg officejet 6300 series.job
[2011/01/07 15:14:56 | 000,109,142 | ---- | M] () -- C:\WINDOWS\hpoins08.dat
[2011/01/07 15:04:39 | 000,001,902 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/01/07 15:03:17 | 000,000,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2011/01/07 15:03:17 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2011/01/07 15:01:20 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/07 15:00:22 | 000,000,992 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/07 12:53:26 | 000,001,918 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2011/01/07 12:53:17 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/01/07 12:53:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2011/01/07 12:47:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/01/07 12:46:49 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/07 12:46:49 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/07 12:39:41 | 000,002,158 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini
[2011/01/07 12:38:11 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Register with HP.url
[2011/01/07 12:37:48 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 12:37:37 | 000,001,863 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PU167AV-ABA SR1020T NA530_YC_0Pres_QMXG537_E53NAheRED5_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXH2_L409_M504_J160_7Intel_8Pentium 4_92.93_#110107_N10EC8139_Z11C1048C_G80862582.MRK
[2011/01/07 12:36:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 12:36:46 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/01/07 12:34:55 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/09 14:48:47 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt
[2011/01/08 07:19:38 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 07:15:56 | 000,000,213 | RHS- | C] () -- C:\BOOT.BAK
[2011/01/08 07:15:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/08 07:14:45 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2011/01/07 19:37:18 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/01/07 17:13:33 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\WebReg officejet 6300 series.job
[2011/01/07 15:04:39 | 000,001,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/01/07 15:03:17 | 000,000,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Premier.lnk
[2011/01/07 15:03:17 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2011/01/07 15:01:20 | 000,001,816 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/01/07 15:00:22 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2011/01/07 14:57:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/01/07 13:07:46 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2011/01/07 13:07:45 | 000,109,142 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2011/01/07 13:07:45 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2011/01/07 12:53:28 | 000,001,715 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Compaq Organize.lnk
[2011/01/07 12:53:26 | 000,001,918 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
[2011/01/07 12:53:09 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/01/07 12:47:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/07 12:46:49 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/07 12:46:49 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/01/07 12:38:11 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Register with HP.url
[2011/01/07 12:37:35 | 000,001,863 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PU167AV-ABA SR1020T NA530_YC_0Pres_QMXG537_E53NAheRED5_47_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.20_T050331_WXH2_L409_M504_J160_7Intel_8Pentium 4_92.93_#110107_N10EC8139_Z11C1048C_G80862582.MRK
[2011/01/07 12:37:33 | 527,814,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/07 12:37:08 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/01/07 12:37:08 | 000,001,132 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Help and Support.lnk
[2011/01/07 12:37:08 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/01/07 12:37:08 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/07 12:37:08 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/01/07 12:37:08 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/01/07 12:36:28 | 000,001,951 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL® for Broadband.lnk
[2011/01/07 12:36:28 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2011/01/07 12:36:28 | 000,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL®.lnk
[2011/01/07 12:36:28 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Extended Service Plans.lnk
[2011/01/07 12:36:27 | 000,002,094 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play WildGames.lnk
[2011/01/07 12:36:27 | 000,001,705 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install Quicken New User Edition.lnk
[2011/01/07 12:36:27 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/01/07 12:36:27 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Software Repair Wizard.lnk
[2011/01/07 12:35:51 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2011/01/07 12:30:09 | 000,000,179 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2005/09/14 00:31:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/14 00:29:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/09/14 00:29:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/09/14 00:29:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/09/14 00:29:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/09/14 00:29:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/09/14 00:29:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/09/14 00:00:46 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/09/14 00:00:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/09/14 00:00:20 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/09/13 23:57:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/13 23:45:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/09/13 23:40:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005/09/13 23:30:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/13 23:29:07 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/09/13 23:29:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/09/13 23:28:46 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 04:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/26 15:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/19 16:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 16:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/03 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/06/15 15:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 16:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


Extras.Txt

OTL Extras logfile created on: 1/9/2011 3:09:34 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 252.00 Mb Available Physical Memory | 50.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 133.87 Gb Free Space | 93.59% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.00 Gb Free Space | 16.70% Space Free | Partition Type: FAT32
Drive E: | 598.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KECIA | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2876305882-3616364233-307916931-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"045C89A0-CA37-443C-8826-F750227DE69C" = Shooting Stars Pool from Compaq (remove only)
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"3330A279-CC39-4A17-AE19-DA464B26AD9A" = Polar Golfer from Compaq (remove only)
"657A0149-EEC7-4FB2-AB4F-CB7AA027748E" = Final Drive Nitro from Compaq (remove only)
"66195170-D19D-46C5-8FB7-8A4630071ADC" = Tradewinds from Compaq (remove only)
"75528D5F-DD82-402E-BA7C-045B7DC6A712" = Blasterball 2 from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9" = Blasterball 2 Remix from Compaq (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_PhotoShop_Album" = Remove Adobe Photoshop Album 2.0 Starter Edition installer
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-6750491 Uninstaller" = Compaq Connections
"BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF" = Blackhawk Striker 2 from Compaq (remove only)
"C43D84CD-EBFC-48D3-A330-7868C8AD415A" = Crystal Maze from Compaq (remove only)
"CCCDE323-C76D-44DA-BB5B-B8ABE767756E" = Phoenix Assault from Compaq (remove only)
"D06AB82F-D68E-405A-9886-AB8804291B6D" = Blasterball 2 Holidays from Compaq (remove only)
"DE87FA96-7840-420C-86F9-33F3B7B3CED1" = Super Granny from Compaq (remove only)
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"Help and Support Additions" = Help and Support Additions
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"WeatherBug" = Remove WeatherBug installer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2011 8:14:29 PM | Computer Name = Kecia | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/8/2011 1:37:49 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:49 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:49 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:50 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:50 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:50 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:50 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:50 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 1:37:50 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/8/2011 3:33:16 PM | Computer Name = KECIA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k


< End of report >
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm
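The OTL extras log above is mostly read by eye: the helper looks at whether the shell-spawning entries for exefile, comfile and friends still point at `"%1" %*`, whether Security Center notification flags or the firewall have been switched off, and whether any firewall exception refers to a binary that no longer exists. The following checker is an added example written for this page, not code from the forum or from OTL; the sample text is copied from the log above (trimmed to the sections inspected), and the "tampered" variant, including the path `C:\example\hijack.exe`, is constructed purely to show what a hijacked entry looks like.

```python
import re

# Constructed sample: lines copied from the OTL extras log posted above, trimmed to
# the sections this checker inspects.
OTL_SAMPLE = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"""

# Constructed variant (hypothetical path): exefile redirected to another program, and the
# two notification flags set to the value MBAM reported as "Bad: (1)" before fixing them.
OTL_TAMPERED = (OTL_SAMPLE
    .replace('exefile [open] -- "%1" %*', 'exefile [open] -- "C:\\example\\hijack.exe" "%1" %*')
    .replace('"AntiVirusDisableNotify" = 0', '"AntiVirusDisableNotify" = 1')
    .replace('"FirewallDisableNotify" = 0', '"FirewallDisableNotify" = 1'))

# Windows XP defaults for the [open] verb. Malware that hijacks exefile/comfile so it
# runs before every program shows up here as a different command.
EXPECTED_SPAWN = {"batfile": '"%1" %*', "comfile": '"%1" %*',
                  "exefile": '"%1" %*', "scrfile": '"%1" /S'}

# Settings where a non-default value means warnings or protection were switched off.
EXPECTED_VALUES = {"AntiVirusDisableNotify": 0, "FirewallDisableNotify": 0,
                   "AntiVirusOverride": 0, "FirewallOverride": 0, "EnableFirewall": 1}

SECTION_RE = re.compile(r'^=+ (.+?) =+$')
SPAWN_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')
VALUE_RE = re.compile(r'^"(\w+)" = (\d+)$')
AUTH_RE = re.compile(r'^"([^"]+)" = .* -- (.+)$')


def sections(text):
    """Yield (section_name, lines) for each '========== Name ==========' block."""
    name, lines = None, []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            if name is not None:
                yield name, lines
            name, lines = m.group(1), []
        elif name is not None:
            lines.append(line)
    if name is not None:
        yield name, lines


def check_otl(text):
    """Return (severity, message) findings for the sections of an OTL extras log."""
    findings = []
    for name, lines in sections(text):
        for line in lines:
            if name == "Shell Spawning" and (m := SPAWN_RE.match(line)):
                key, verb, cmd = m.groups()
                if cmd.startswith("Reg Error"):
                    findings.append(("info", f"{key} [{verb}] not readable: {cmd}"))
                elif verb == "open" and key in EXPECTED_SPAWN and cmd != EXPECTED_SPAWN[key]:
                    findings.append(("high", f"{key} [{verb}] hijacked: {cmd}"))
            elif name in ("Security Center Settings", "Firewall Settings") and (m := VALUE_RE.match(line)):
                key, val = m.group(1), int(m.group(2))
                if key in EXPECTED_VALUES and val != EXPECTED_VALUES[key]:
                    findings.append(("medium", f"{key} = {val}, expected {EXPECTED_VALUES[key]}"))
            elif name == "Authorized Applications List" and (m := AUTH_RE.match(line)):
                if m.group(2) == "File not found":
                    # A firewall exception for a binary that no longer exists: the path
                    # stays whitelisted for whatever gets written there later.
                    findings.append(("low", f"firewall exception for missing file: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for sev, msg in check_otl(OTL_TAMPERED):
        print(f"[{sev}] {msg}")
```

Run against the log as posted, the only findings are the two keys OTL could not read and the stale EarthLink exception; the tampered variant additionally reports the redirected exefile and the two disabled notifications.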

Re: Brand new computer infected

Post by deltalima » January 9th, 2011, 5:19 pm

Please post GMER log when complete.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Brand new computer infected

Post by kaypo » January 9th, 2011, 7:05 pm

GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-09 17:05:55
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 ST3160023AS rev.3.43
Running: ypu4kgej.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kgldqpod.sys


---- System - GMER 1.0.15 ----

SSDT F8B26826 ZwCreateKey
SSDT F8B2681C ZwCreateThread
SSDT F8B2682B ZwDeleteKey
SSDT F8B26835 ZwDeleteValueKey
SSDT F8B2683A ZwLoadKey
SSDT F8B26808 ZwOpenProcess
SSDT F8B2680D ZwOpenThread
SSDT F8B26844 ZwReplaceKey
SSDT F8B2683F ZwRestoreKey
SSDT F8B26830 ZwSetValueKey

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm

Re: Brand new computer infected

Post by deltalima » January 10th, 2011, 4:47 am

Hi kaypo,

Please post the logs from Malwarebytes and Avira from the scans where they detected infections.

Please also run a new scan with each and post the latest logs.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Brand new computer infected

Post by kaypo » January 10th, 2011, 11:23 am

Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/8/2011 10:18:52 AM
mbam-log-2011-01-08 (10-18-51).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 218850
Time elapsed: 1 hour(s), 58 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 7
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\compaq_owner\local settings\temporary internet files\Content.IE5\SJ2L052V\IWON[1].exe (Adware.Iwon) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP2\A0000128.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Avira log:

Avira AntiVir Personal
Report file date: Saturday, January 08, 2011 11:34

Scanning for 2336006 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KECIA

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 14:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 14:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 01:38:59
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 01:38:59
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 01:38:59
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 01:38:59
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 01:38:59
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 01:38:59
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 01:39:00
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 01:39:00
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 01:39:01
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 01:39:01
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 01:39:01
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 01:39:01
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 01:39:02
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 01:39:03
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 01:39:03
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 01:39:04
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 01:39:04
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 01:39:05
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 01:39:05
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 01:39:06
VBASE021.VDF : 7.11.1.38 2048 Bytes 1/7/2011 01:39:06
VBASE022.VDF : 7.11.1.39 2048 Bytes 1/7/2011 01:39:06
VBASE023.VDF : 7.11.1.40 2048 Bytes 1/7/2011 01:39:06
VBASE024.VDF : 7.11.1.41 2048 Bytes 1/7/2011 01:39:06
VBASE025.VDF : 7.11.1.42 2048 Bytes 1/7/2011 01:39:07
VBASE026.VDF : 7.11.1.43 2048 Bytes 1/7/2011 01:39:07
VBASE027.VDF : 7.11.1.44 2048 Bytes 1/7/2011 01:39:07
VBASE028.VDF : 7.11.1.45 2048 Bytes 1/7/2011 01:39:07
VBASE029.VDF : 7.11.1.46 2048 Bytes 1/7/2011 01:39:07
VBASE030.VDF : 7.11.1.47 2048 Bytes 1/7/2011 01:39:07
VBASE031.VDF : 7.11.1.57 58368 Bytes 1/7/2011 01:39:08
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 14:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/8/2011 01:39:15
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 14:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 14:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 14:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 1/8/2011 01:39:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 14:39:49
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/8/2011 01:39:13
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 14:39:42
AEGEN.DLL : 8.1.5.1 397683 Bytes 1/8/2011 01:39:09
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 14:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 14:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 14:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 14:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 14:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 14:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 14:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 14:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 14:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 14:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 14:40:20

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4d60cc17\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Saturday, January 08, 2011 11:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'ALCMTR.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'KBD.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SNDSrvc.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'Compaq Connections.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'ccApp.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SymWSC.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ccEvtMgr.exe' - '1' Module(s) have been scanned
Scan process 'navapsvc.exe' - '1' Module(s) have been scanned
Scan process 'ccSetMgr.exe' - '1' Module(s) have been scanned
Scan process 'ccProxy.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000326.exe'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000326.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f640107.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000327.EXE'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000327.EXE
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '57f32ea0.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000328.EXE'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000328.EXE
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '05ac7448.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000329.DLL'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000329.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '639b3b8a.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000330.DLL'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000330.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '261f16b4.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0001345.exe'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0001345.exe
[DETECTION] Contains recognition pattern of the DIAL/90112 dialer
[NOTE] The file was moved to the quarantine directory under the name '590424d5.qua'.


End of the scan: Saturday, January 08, 2011 11:34
Used time: 00:29 Minute(s)

The scan has been done completely.

0 Scanned directories
54 Files were scanned
6 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
48 Files not concerned
0 Archives were scanned
0 Warnings
6 Notes


The scan results will be transferred to the Guard.
kaypo
Regular Member
 
Posts: 104
Joined: October 4th, 2007, 10:08 pm
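Two things in the scan logs above are easy to miss when reading them by hand: every one of the six Avira hits sits inside the System Volume Information restore point (RP5), so they are archived copies rather than files on the live system, and Malwarebytes left `c:\WINDOWS\system32\f3PSSavr.scr` in place ("Not selected for removal"). The parser below is an added example written for this page, not code from the forum, Malwarebytes or Avira; it reads the two log formats, pairs each Avira `[DETECTION]` with its path and `[NOTE]`, and sorts detections into restore-point copies, items removed, and items still on the live system. The sample text is copied from the logs above (three of the six Avira entries, a subset of the MBAM lines).

```python
import re
from collections import Counter

# Constructed sample: detection lines copied from the Malwarebytes log above.
MBAM_SAMPLE = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\compaq_owner\local settings\temporary internet files\Content.IE5\SJ2L052V\IWON[1].exe (Adware.Iwon) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP2\A0000128.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
"""

# Constructed sample: three of the six hits from the Avira report above.
AVIRA_SAMPLE = r"""
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000326.exe'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000326.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f640107.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000329.DLL'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0000329.DLL
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '639b3b8a.qua'.
Begin scan in 'C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0001345.exe'
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP5\A0001345.exe
[DETECTION] Contains recognition pattern of the DIAL/90112 dialer
[NOTE] The file was moved to the quarantine directory under the name '590424d5.qua'.
"""

# MBAM line shape: <path or registry key> (<family>) -> <action>; the action may itself
# contain "->" (registry data items), so the family is the first parenthesised token.
MBAM_RE = re.compile(r'^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$')
RESTORE_RE = re.compile(r'\\system volume information\\_restore\{', re.IGNORECASE)


def parse_mbam(text):
    """One dict per MBAM detection line: path (file or registry key), family, action."""
    items = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def parse_avira(text):
    """Pair each Avira [DETECTION] with the path line before it and the [NOTE] after it."""
    hits, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("Begin scan in"):
            continue
        if line.startswith("[DETECTION]"):
            hits.append({"path": path, "name": line[len("[DETECTION]"):].strip(), "note": ""})
        elif line.startswith("[NOTE]") and hits:
            hits[-1]["note"] = line[len("[NOTE]"):].strip()
        else:
            path = line
    return hits


def triage(mbam_items, avira_hits):
    """Sort detections into restore-point copies, items still on the live system,
    and items the scanners actually removed or fixed."""
    report = {"restore_point": [], "left_in_place": [], "removed": []}
    for item in mbam_items:
        if RESTORE_RE.search(item["path"]):
            report["restore_point"].append(item["path"])
        elif item["action"].endswith("successfully."):
            report["removed"].append(item["path"])
        else:
            report["left_in_place"].append(item["path"])
    for hit in avira_hits:
        if RESTORE_RE.search(hit["path"]):
            report["restore_point"].append(hit["path"])
        elif "quarantine" in hit["note"]:
            report["removed"].append(hit["path"])
        else:
            report["left_in_place"].append(hit["path"])
    return report


def families(mbam_items):
    """Count MBAM detections per threat family."""
    return Counter(i["family"] for i in mbam_items)


if __name__ == "__main__":
    report = triage(parse_mbam(MBAM_SAMPLE), parse_avira(AVIRA_SAMPLE))
    for bucket, paths in report.items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

The `left_in_place` bucket is the one worth acting on: restore-point hits disappear when the restore points are purged, and quarantined items are already gone, but a detection on the live system that a scanner skipped (here the screensaver in system32) stays until someone removes it or re-runs the scan with that item selected.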

Re: Brand new computer infected

Post by deltalima » January 10th, 2011, 11:31 am

OK, please run a new scan with Malwarebytes and with Avira and post the logs.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Brand new computer infected

Post by kaypo » January 10th, 2011, 6:24 pm

Current Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/10/2011 3:36:14 PM
mbam-log-2011-01-10 (15-36-14).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 221381
Time elapsed: 56 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avira log:

Avira AntiVir Personal
Report file date: Monday, January 10, 2011 15:49

Scanning for 2344348 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KECIA

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 14:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 14:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 01:38:59
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 01:38:59
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 01:38:59
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 01:38:59
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 01:38:59
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 01:38:59
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 01:39:00
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 01:39:00
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 01:39:01
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 01:39:01
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 01:39:01
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 01:39:01
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 01:39:02
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 01:39:03
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 01:39:03
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 01:39:04
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 01:39:04
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 01:39:05
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 01:39:05
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 01:39:06
VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 21:45:26
VBASE022.VDF : 7.11.1.66 2048 Bytes 1/10/2011 21:45:26
VBASE023.VDF : 7.11.1.67 2048 Bytes 1/10/2011 21:45:26
VBASE024.VDF : 7.11.1.68 2048 Bytes 1/10/2011 21:45:26
VBASE025.VDF : 7.11.1.69 2048 Bytes 1/10/2011 21:45:26
VBASE026.VDF : 7.11.1.70 2048 Bytes 1/10/2011 21:45:26
VBASE027.VDF : 7.11.1.71 2048 Bytes 1/10/2011 21:45:27
VBASE028.VDF : 7.11.1.72 2048 Bytes 1/10/2011 21:45:27
VBASE029.VDF : 7.11.1.73 2048 Bytes 1/10/2011 21:45:27
VBASE030.VDF : 7.11.1.74 2048 Bytes 1/10/2011 21:45:27
VBASE031.VDF : 7.11.1.80 37888 Bytes 1/10/2011 21:45:27
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 14:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/8/2011 01:39:15
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 14:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 14:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 14:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 1/8/2011 01:39:14
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 14:39:49
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/8/2011 01:39:13
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 14:39:42
AEGEN.DLL : 8.1.5.1 397683 Bytes 1/8/2011 01:39:09
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 14:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 14:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 14:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 14:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 14:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 14:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 14:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 14:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 14:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 14:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 14:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, January 10, 2011 15:49

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '57' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '65' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '26' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '32' Module(s) have been scanned
Scan process 'wuauclt.exe' - '34' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '12' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '17' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '28' Module(s) have been scanned
Scan process 'ALCMTR.EXE' - '30' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '23' Module(s) have been scanned
Scan process 'KBD.EXE' - '52' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '70' Module(s) have been scanned
Scan process 'MDM.EXE' - '20' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '57' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '88' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '53' Module(s) have been scanned
Scan process 'Compaq Connections.exe' - '74' Module(s) have been scanned
Scan process 'ctfmon.exe' - '23' Module(s) have been scanned
Scan process 'jusched.exe' - '19' Module(s) have been scanned
Scan process 'avgnt.exe' - '44' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '15' Module(s) have been scanned
Scan process 'igfxpers.exe' - '21' Module(s) have been scanned
Scan process 'hkcmd.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '86' Module(s) have been scanned
Scan process 'spoolsv.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '141' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '42' Module(s) have been scanned
Scan process 'winlogon.exe' - '63' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '376' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP7\A0001419.scr
[DETECTION] Is the TR/Trash.Gen Trojan
Begin scan in 'D:\' <PRESARIO_RP>
D:\I386\Apps\APP23993\src\SpyInstall_HPPre.exe
[0] Archive type: RSRC
[DETECTION] Is the TR/Orsam.A.2505 Trojan
--> Object
[1] Archive type: CAB (Microsoft)
--> ssengine.dll
[DETECTION] Is the TR/Orsam.A.2505 Trojan

--> Object
[1] Archive type: RSRC
--> Object
[2] Archive type: CAB (Microsoft)
--> ssengine.dll
[DETECTION] Is the TR/Orsam.A.2505 Trojan

Beginning disinfection:
D:\I386\Apps\APP23993\src\SpyInstall_HPPre.exe
[DETECTION] Is the TR/Orsam.A.2505 Trojan
[NOTE] The file was moved to the quarantine directory under the name '47e02381.qua'.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP7\A0001419.scr
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f880de6.qua'.


End of the scan: Monday, January 10, 2011 16:22
Used time: 32:33 Minute(s)

The scan has been done completely.

6055 Scanned directories
358337 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
358334 Files not concerned
13042 Archives were scanned
0 Warnings
2 Notes
282110 Objects were scanned with rootkit scan
0 Hidden objects were found

Re: Brand new computer infected

Unread postby deltalima » January 10th, 2011, 6:40 pm

Hi kaypo,

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.