also @ TechSpot: California man finds limits of Verizon FiOS unlimited data broadband service: 77TB

TechSpot

TechSpot News Products Downloads Forums

About
Sign in

Welcome to TechSpot

Why should I register?

Sign up for a new account or log in here:

Forgot your password?

Couldn't sign you in, please try again.

Hijacked browser, ie script errors, unwanted audio - help

Discussion in 'Virus and Malware Removal' started by Tony R, Apr 20, 2011.

Page 1 of 5

Tony R Newcomer, in training Posts: 45

I have just completed the 8 step process (as far as I can go by myself). Problems with hijacked browser, wiped out my bing toolbars and toolbar access to my favorites. Script errors on internet explorer (while connected or not) and have commercials and sound in background (connected or not).

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 6407

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/20/2011 9:28:31 AM
mbam-log-2011-04-20 (09-28-31).txt

Scan type: Quick scan
Objects scanned: 171679
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-20 11:55:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD4000AAKS-00YGA0 rev.12.01C02
Running: ei9dvczi.exe; Driver: C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\uwlcquob.sys

---- Kernel code sections - GMER 1.0.15 ----

INITc VolSnap.sys BA0F3BD0 4 Bytes [80, A5, 53, 80]
INITc VolSnap.sys BA0F3BF8 4 Bytes [B8, A1, 4F, 80]
INITc VolSnap.sys BA0F3C20 4 Bytes [B6, AE, 4F, 80]
INITc VolSnap.sys BA0F3C48 4 Bytes [30, FF, 4F, 80]
INITc VolSnap.sys BA0F3C70 4 Bytes [7A, A8, 4F, 80]
INITc ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BF2380, 0x2FF527, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[608] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\Explorer.EXE[900] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00BC18D5
.text C:\WINDOWS\Explorer.EXE[900] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00BC1A9D
.text C:\WINDOWS\system32\SearchIndexer.exe[2484] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[2852] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 8A6CEE84
Thread System [4:124] 8A6D1084

---- EOF - GMER 1.0.15 ----

DDS (Ver_11-03-05.01) - NTFSx86
Run by Tony R at 12:50:07.87 on Wed 04/20/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.950 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: My Security Shield *Enabled/Updated* {C8F8DBCE-255A-4F85-BA5B-3C8520887D60}
FW: My Security Shield *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Wireless-N PCI Adapter\WLService.exe
C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~2\STATUS~1.EXE
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Tony R\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283189514859
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200096966421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5815/mcfscan.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
IFEO: image file execution options - svchost.exe
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl7d52e461;MpKsl7d52e461;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{babe2718-a346-4dfb-92f4-6f0c8bf99590}\mpksl7d52e461.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{babe2718-a346-4dfb-92f4-6f0c8bf99590}\MpKsl7d52e461.sys [?]
R1 MpKsldcea2621;MpKsldcea2621;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{757ff3ef-a094-4d7c-84f3-6e2a719fb0d6}\MpKsldcea2621.sys [2011-4-20 28752]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2008-1-11 8192]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-1-21 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WMP300NSvc;WMP300NSvc;c:\program files\wireless-n pci adapter\WLService.exe [2009-9-22 53307]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [2009-9-22 9344]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S1 gaennekt;gaennekt;\??\c:\windows\system32\drivers\gaennekt.sys --> c:\windows\system32\drivers\gaennekt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-04-20 19:19:26 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-20 19:17:02 388096 ----a-r- c:\docume~1\tonyr~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-20 19:05:24 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{757ff3ef-a094-4d7c-84f3-6e2a719fb0d6}\MpKsldcea2621.sys
2011-04-20 19:05:15 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{757ff3ef-a094-4d7c-84f3-6e2a719fb0d6}\mpengine.dll
2011-04-16 18:59:11 -------- d-----w- c:\docume~1\tonyr~1\locals~1\applic~1\Western_Digital
2011-04-16 18:58:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Western Digital
2011-04-15 16:11:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 06:48:33 7071056 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-01 06:47:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-01 06:45:38 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 06:21:55 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-01 06:21:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 06:20:57 -------- d-----w- C:\_265984_
2011-04-01 06:20:47 -------- d-----w- c:\program files\common files\xing shared
2011-04-01 05:54:15 -------- d-----w- c:\docume~1\tonyr~1\applic~1\Uniblue
2011-04-01 05:52:33 -------- d-----w- c:\program files\common files\AnswerWorks 4.0
2011-04-01 05:52:21 -------- d-----w- c:\program files\MSN Toolbar
2011-04-01 05:52:21 -------- d-----w- c:\program files\Bing Bar Installer
2011-04-01 05:46:17 -------- d-----w- c:\program files\common files\HP
2011-03-31 17:54:50 -------- d-----w- c:\program files\common files\HP(2)
2011-03-31 17:45:54 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2011-03-31 17:25:09 73728 ----a-w- c:\windows\system32\hppcappm.dll
2011-03-31 17:25:09 392192 ----a-w- c:\windows\system32\ltkrn11n.dll
2011-03-31 17:25:09 118784 ----a-w- c:\windows\system32\ltfil11n.DLL
2011-03-31 16:57:03 -------- d-----w- C:\Color LaserJet 2840 SKINS Error Fix
2011-03-30 15:32:16 -------- d-----w- c:\docume~1\tonyr~1\applic~1\DriverCure
2011-03-30 15:32:15 -------- d-----w- c:\docume~1\tonyr~1\applic~1\ParetoLogic
2011-03-30 14:34:06 -------- d-----w- c:\program files\Trend Micro
2011-03-29 16:11:27 -------- d-----w- c:\docume~1\tonyr~1\locals~1\applic~1\Microsoft Corporation
2011-03-29 16:11:05 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-03-29 14:49:46 -------- d-----w- c:\windows\MATS
2011-03-29 14:49:44 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-03-24 18:14:58 -------- d-----w- c:\docume~1\tonyr~1\applic~1\Registry Mechanic
2011-03-24 18:12:03 -------- d-----w- c:\program files\Xippit
2011-03-24 18:00:50 -------- d-----w- c:\program files\RegServe
2011-03-24 16:41:27 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcE.tmp
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 02:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 8462336 ----a-w- c:\windows\system32\shell32(2)(2).dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 12:50:19.26 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2008 11:25:10 AM
System Uptime: 4/20/2011 9:17:29 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2399/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 373 GiB total, 284.675 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&10B48CE1&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&10B48CE1&0&01
Service: NVENETFD
.
==== System Restore Points ===================
.
RP555: 1/20/2011 11:05:24 AM - System Checkpoint
RP556: 1/21/2011 11:11:38 AM - System Checkpoint
RP557: 1/22/2011 3:00:14 AM - Software Distribution Service 3.0
RP558: 1/23/2011 3:11:38 AM - System Checkpoint
RP559: 1/23/2011 11:16:18 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP560: 1/23/2011 11:16:44 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP561: 1/24/2011 12:11:35 PM - System Checkpoint
RP562: 1/25/2011 2:29:52 PM - System Checkpoint
RP563: 1/26/2011 3:31:42 PM - System Checkpoint
RP564: 1/27/2011 4:11:36 PM - System Checkpoint
RP565: 1/28/2011 5:11:36 PM - System Checkpoint
RP566: 1/29/2011 6:11:36 PM - System Checkpoint
RP567: 1/30/2011 6:34:33 PM - System Checkpoint
RP568: 1/31/2011 7:11:36 PM - System Checkpoint
RP569: 2/1/2011 8:11:36 PM - System Checkpoint
RP570: 2/2/2011 9:11:36 PM - System Checkpoint
RP571: 2/3/2011 10:11:36 PM - System Checkpoint
RP572: 2/4/2011 11:11:36 PM - System Checkpoint
RP573: 2/6/2011 12:25:51 AM - System Checkpoint
RP574: 2/7/2011 1:11:28 AM - System Checkpoint
RP575: 2/8/2011 2:11:56 AM - System Checkpoint
RP576: 2/9/2011 3:11:27 AM - System Checkpoint
RP577: 2/10/2011 3:00:15 AM - Software Distribution Service 3.0
RP578: 2/11/2011 3:25:04 AM - System Checkpoint
RP579: 2/12/2011 4:25:04 AM - System Checkpoint
RP580: 2/13/2011 5:25:04 AM - System Checkpoint
RP581: 2/14/2011 6:24:59 AM - System Checkpoint
RP582: 2/15/2011 6:28:07 AM - System Checkpoint
RP583: 2/16/2011 7:39:23 AM - Restore Operation
RP584: 2/17/2011 3:00:21 AM - Software Distribution Service 3.0
RP585: 2/17/2011 12:01:38 PM - Installed Home Designer Pro 10 Trial Version
RP586: 2/18/2011 12:38:38 PM - System Checkpoint
RP587: 2/19/2011 12:43:27 PM - System Checkpoint
RP588: 2/20/2011 1:43:21 PM - System Checkpoint
RP589: 2/21/2011 2:11:52 PM - System Checkpoint
RP590: 2/22/2011 2:43:21 PM - System Checkpoint
RP591: 2/23/2011 3:43:21 PM - System Checkpoint
RP592: 2/24/2011 4:43:16 PM - System Checkpoint
RP593: 2/25/2011 4:54:56 PM - System Checkpoint
RP594: 2/26/2011 5:41:25 PM - System Checkpoint
RP595: 2/27/2011 3:43:35 PM - Installed TurboTax 2010 wrapper
RP596: 2/27/2011 3:49:32 PM - Installed TurboTax 2010 waziper
RP597: 2/28/2011 9:13:45 PM - System Checkpoint
RP598: 3/1/2011 9:43:16 PM - System Checkpoint
RP599: 3/2/2011 10:46:55 PM - System Checkpoint
RP600: 3/3/2011 11:42:59 PM - System Checkpoint
RP601: 3/5/2011 12:50:44 AM - System Checkpoint
RP602: 3/6/2011 1:43:00 AM - System Checkpoint
RP603: 3/7/2011 2:42:59 AM - System Checkpoint
RP604: 3/8/2011 3:40:59 AM - System Checkpoint
RP605: 3/9/2011 3:00:14 AM - Software Distribution Service 3.0
RP606: 3/10/2011 3:43:02 AM - System Checkpoint
RP607: 3/11/2011 3:00:14 AM - Software Distribution Service 3.0
RP608: 3/12/2011 3:21:58 AM - System Checkpoint
RP609: 3/13/2011 4:21:58 AM - System Checkpoint
RP610: 3/14/2011 5:21:58 AM - System Checkpoint
RP611: 3/14/2011 12:01:06 PM - Restore Operation
RP612: 3/14/2011 12:18:49 PM - Software Distribution Service 3.0
RP613: 3/15/2011 1:18:36 PM - System Checkpoint
RP614: 3/16/2011 3:03:27 PM - System Checkpoint
RP615: 3/17/2011 3:18:40 PM - System Checkpoint
RP616: 3/18/2011 4:18:40 PM - System Checkpoint
RP617: 3/19/2011 5:33:03 PM - System Checkpoint
RP618: 3/20/2011 6:18:40 PM - System Checkpoint
RP619: 3/21/2011 7:59:39 PM - System Checkpoint
RP620: 3/22/2011 8:53:12 PM - System Checkpoint
RP621: 3/23/2011 10:04:55 PM - Restore Operation
RP622: 3/23/2011 10:11:15 PM - Software Distribution Service 3.0
RP623: 3/24/2011 9:44:42 AM - Installed DirectX
RP624: 3/24/2011 10:28:43 AM - Installed Microsoft Fix it 50393
RP625: 3/24/2011 11:14:32 AM - RegServe restore point
RP626: 3/25/2011 7:12:40 AM - RegServe restore point
RP627: 3/25/2011 6:53:01 PM - Software Distribution Service 3.0
RP628: 3/25/2011 11:41:09 PM - Cleaned registry with Windows Live OneCare safety scanner
RP629: 3/25/2011 11:51:35 PM - Installed Bing Bar
RP630: 3/26/2011 12:22:54 AM - Software Distribution Service 3.0
RP631: 3/27/2011 12:23:20 AM - Software Distribution Service 3.0
RP632: 3/28/2011 12:23:28 AM - Software Distribution Service 3.0
RP633: 3/28/2011 9:03:56 AM - Removed Bing Bar
RP634: 3/28/2011 9:17:55 AM - Installed Bing Bar
RP635: 3/28/2011 9:22:47 AM - Removed Bing Bar
RP636: 3/29/2011 12:23:22 AM - Software Distribution Service 3.0
RP637: 3/29/2011 7:49:10 AM - Installed %1 %2.
RP638: 3/29/2011 8:50:46 AM - Software Distribution Service 3.0
RP639: 3/29/2011 9:11:05 AM - Installed Windows 7 Upgrade Advisor
RP640: 3/29/2011 10:47:39 PM - RegServe restore point
RP641: 3/30/2011 12:23:43 AM - Software Distribution Service 3.0
RP642: 3/30/2011 7:34:05 AM - Installed HiJackThis
RP643: 3/31/2011 12:23:07 AM - Software Distribution Service 3.0
RP644: 3/31/2011 10:46:54 AM - Removed HP Software Update
RP645: 3/31/2011 10:52:35 AM - Printer Driver HP CLJ2840 PCL 6 - Black_White Installed
RP646: 3/31/2011 10:53:58 AM - Printer Driver HP Color LaserJet 2830_2840 Fax Installed
RP647: 3/31/2011 10:43:19 PM - Restore Operation
RP648: 3/31/2011 11:47:23 PM - Software Distribution Service 3.0
RP649: 4/1/2011 3:00:57 AM - Software Distribution Service 3.0
RP650: 4/1/2011 5:43:03 AM - Software Distribution Service 3.0
RP651: 4/2/2011 3:00:14 AM - Software Distribution Service 3.0
RP652: 4/2/2011 5:51:14 AM - Software Distribution Service 3.0
RP653: 4/3/2011 2:22:46 AM - Software Distribution Service 3.0
RP654: 4/3/2011 3:00:14 AM - Software Distribution Service 3.0
RP655: 4/4/2011 3:00:14 AM - Software Distribution Service 3.0
RP656: 4/4/2011 5:50:57 AM - Software Distribution Service 3.0
RP657: 4/5/2011 3:00:14 AM - Software Distribution Service 3.0
RP658: 4/5/2011 5:50:54 AM - Software Distribution Service 3.0
RP659: 4/6/2011 3:00:14 AM - Software Distribution Service 3.0
RP660: 4/6/2011 5:50:59 AM - Software Distribution Service 3.0
RP661: 4/7/2011 3:00:14 AM - Software Distribution Service 3.0
RP662: 4/7/2011 5:51:15 AM - Software Distribution Service 3.0
RP663: 4/8/2011 3:00:14 AM - Software Distribution Service 3.0
RP664: 4/8/2011 5:51:01 AM - Software Distribution Service 3.0
RP665: 4/9/2011 3:00:14 AM - Software Distribution Service 3.0
RP666: 4/9/2011 5:51:09 AM - Software Distribution Service 3.0
RP667: 4/10/2011 2:22:32 AM - Software Distribution Service 3.0
RP668: 4/10/2011 3:00:14 AM - Software Distribution Service 3.0
RP669: 4/11/2011 3:00:14 AM - Software Distribution Service 3.0
RP670: 4/11/2011 5:51:01 AM - Software Distribution Service 3.0
RP671: 4/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP672: 4/12/2011 5:51:05 AM - Software Distribution Service 3.0
RP673: 4/13/2011 3:00:14 AM - Software Distribution Service 3.0
RP674: 4/13/2011 5:51:19 AM - Software Distribution Service 3.0
RP675: 4/14/2011 5:50:56 AM - Software Distribution Service 3.0
RP676: 4/15/2011 3:02:00 AM - Software Distribution Service 3.0
RP677: 4/15/2011 8:00:24 AM - Software Distribution Service 3.0
RP678: 4/15/2011 9:10:57 AM - Installed Java(TM) 6 Update 24
RP679: 4/16/2011 3:00:14 AM - Software Distribution Service 3.0
RP680: 4/16/2011 7:46:54 AM - Installed TurboTax 2010 wrapper
RP681: 4/16/2011 7:54:40 AM - Software Distribution Service 3.0
RP682: 4/16/2011 8:04:41 AM - Installed TurboTax 2010 waziper
RP683: 4/16/2011 8:54:46 AM - Installed TurboTax 2010 wrapper
RP684: 4/16/2011 9:00:37 AM - Installed TurboTax 2010 waziper
RP685: 4/16/2011 2:15:04 PM - Installed TurboTax 2010 wrapper
RP686: 4/17/2011 2:03:29 AM - Software Distribution Service 3.0
RP687: 4/17/2011 3:00:13 AM - Software Distribution Service 3.0
RP688: 4/17/2011 12:17:56 PM - Software Distribution Service 3.0
RP689: 4/18/2011 3:00:17 AM - Software Distribution Service 3.0
RP690: 4/18/2011 12:17:31 PM - Software Distribution Service 3.0
RP691: 4/19/2011 3:00:14 AM - Software Distribution Service 3.0
RP692: 4/19/2011 12:17:35 PM - Software Distribution Service 3.0
RP693: 4/20/2011 3:00:14 AM - Software Distribution Service 3.0
RP694: 4/20/2011 9:11:43 AM - Software Distribution Service 3.0
RP695: 4/20/2011 12:17:01 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.3
AirPlus XtremeG
ANIO Service
ANIWZCS2 Service
Belarc Advisor 8.1
Bing Bar
Bing Bar Platform
Broadcom 802.11 Network Adapter
BufferChm
CP_PLSBusinessFlyers
CreativeProjects
Destinations
Director
DocProc
DocumentViewer
GoGear VIBE Device Manager
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 4.5.0.456
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Color LaserJet 2820/2830/2840 2.0
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Software Update
hpp2800usg
hppCLJ2800
hppDustDevil
hppFaxDrv
hppFonts
hppIOFiles
hppManuals2800
hppscan2800
hppScanTo
hppSendFax
hppTooCool
HPSystemDiagnostics
InstantShare
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java(TM) 6 Update 24
JMB36X Raid Configurer
Junk Mail filter update
LightScribe System Software 1.10.27.1
LightScribeTemplateLabeler
Linksys Wireless-N PCI Adapter
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
Media Converter for Philips
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Move Media Player
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Peachtree Accounting 2007
Peachtree Complete Accounting 2007
PeachTree Signature Ready Forms
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
PhotoGallery
QFolder
Quicken 2007
RangeMax Wireless-N USB Adapter WN111v2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody
Sage Software Integration Services
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
Sonic UDF Reader
Sony Picture Utility
Sony USB Driver
Sony Vegas Movie Studio Platinum 8.0
System Tool2011
TrayApp
TurboTax 2009
TurboTax 2009 waziper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 waziper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WD SmartWare
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WN111v2
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/14/2011 9:54:55 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer TONY using any of the configured protocols.
.
==== End Of File ===========================

Sorry I don't know how to zip it.

Thanks, Tony R

oops may have posted in wrong forum

Tony R, Apr 20, 2011

#1
Broni Malware Annihilator Posts: 39,425 +177
Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

===================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Broni, Apr 20, 2011

#2
Tony R Newcomer, in training Posts: 45

MBR and Combofix logs

Hi Broni. Thanks for your quick response. Had to go to safe mode to run combofix.
First run it blue screened on me. Then CHKDSK took over and repaired several things. Second run of combofix in safe mode went OK, except for the recovery module was not accessible on the internet in safe mode.

Here are the items you requested.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 161):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0F8000 jraid.sys
0xB9EF3000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ED3000 fltmgr.sys
0xB9EC1000 sr.sys
0xB9EAB000 DRVMCDB.SYS
0xBA128000 PxHelp20.sys
0xB9E94000 KSecDD.sys
0xB9E07000 Ntfs.sys
0xB9DDA000 NDIS.sys
0xB9DC0000 Mup.sys
0xBA5AE000 JGOGO.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8BF2000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8BDE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9D58000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8BCA000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA440000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8BA6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA448000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5EE000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA1E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8B83000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8AFE000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xBA208000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8AD6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9D54000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB8A8B000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB8A54000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xBA5F0000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xBA218000 \SystemRoot\system32\DRIVERS\jswscimd.sys
0xBA6F9000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9A60000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8A3D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA248000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA450000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8A2C000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA258000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA458000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA460000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB89FC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB899E000 \SystemRoot\system32\DRIVERS\update.sys
0xB9A48000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA278000 \SystemRoot\system32\DRIVERS\wsimd.sys
0xBA288000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB51D9000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB51B5000 \SystemRoot\system32\drivers\portcls.sys
0xBA178000 \SystemRoot\system32\drivers\drmk.sys
0xBA188000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA614000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB5166000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA61A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA765000 \SystemRoot\System32\Drivers\Null.SYS
0xBA61C000 \SystemRoot\System32\Drivers\Beep.SYS
0xB56A6000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xB569E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB5696000 \SystemRoot\System32\drivers\vga.sys
0xBA61E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA620000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB568E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB5686000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB518D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAEFC6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAEF6D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAEF47000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAEF1F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3045000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB7936000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAEEFD000 \SystemRoot\System32\drivers\afd.sys
0xB3035000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB2F15000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAEED2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAEE62000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB0041000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BABE2718-A346-4DFB-92F4-6F0C8BF99590}\MpKsl7d52e461.sys
0xAEDF3000 \SystemRoot\system32\DRIVERS\WN111v2.sys
0xB7742000 \SystemRoot\System32\Drivers\Fips.SYS
0xB48BB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB76F2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA410000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB48B7000 \SystemRoot\system32\drivers\hpplsbulk.sys
0xBA418000 \SystemRoot\system32\drivers\HPPLSGEN.SYS
0xBA420000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA57C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xAED50000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA580000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA480000 \SystemRoot\system32\DRIVERS\point32.sys
0xBA298000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xBA2A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA590000 \SystemRoot\system32\DRIVERS\Dot4Scan.sys
0xBA594000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xAED38000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA626000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB792E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3F8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA758000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF580000 \SystemRoot\System32\ATMFD.DLL
0xB3601000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA7A6000 \SystemRoot\System32\DLA\DLADResN.SYS
0xAEA82000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xAEB08000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA5C2000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xB0079000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xAEA6A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xAEA54000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xAEAAC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAE8BF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA616000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB0089000 \??\C:\WINDOWS\system32\ANIO.SYS
0xAE7C7000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA3A0000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xAE31C000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAE1EF000 \SystemRoot\system32\drivers\wdmaud.sys
0xAE27C000 \SystemRoot\system32\drivers\sysaudio.sys
0xAE218000 \??\C:\PROGRA~1\WIRELE~1\GTNDIS5.SYS
0xAD73F000 \SystemRoot\System32\Drivers\HTTP.sys
0xAD567000 \??\C:\WINDOWS\system32\DNINDIS5.SYS
0xABD2C000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xAB728000 \??\C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\uwlcquob.sys
0xB567E000 \??\C:\DOCUME~1\TONYR~1\LOCALS~1\Temp\mbr.sys
0xAFD86000 \SystemRoot\System32\Drivers\BANTExt.sys
0xAB216000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xBA3B0000 \??\C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EB38BE5-C8B3-4470-9095-07B8C4836470}\MpKsl18d14d28.sys
0xAB0E8000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
516 C:\WINDOWS\system32\smss.exe
1164 csrss.exe
1188 C:\WINDOWS\system32\winlogon.exe
1232 C:\WINDOWS\system32\services.exe
1248 C:\WINDOWS\system32\lsass.exe
1448 C:\WINDOWS\system32\svchost.exe
1496 svchost.exe
1536 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1572 C:\WINDOWS\system32\svchost.exe
1688 svchost.exe
1724 svchost.exe
1952 C:\WINDOWS\system32\WLTRYSVC.EXE
1964 C:\WINDOWS\system32\BCMWLTRY.EXE
204 C:\WINDOWS\system32\spoolsv.exe
292 C:\WINDOWS\system32\acs.exe
432 svchost.exe
504 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
776 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
960 C:\Program Files\Java\jre6\bin\jqs.exe
984 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1024 C:\WINDOWS\system32\nvsvc32.exe
1040 C:\WINDOWS\system32\srvany.exe
1052 C:\WINDOWS\system32\HPZipm12.exe
1060 C:\pvsw\bin\w3dbsmgr.exe
1096 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1252 C:\WINDOWS\system32\svchost.exe
1700 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
2348 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
2408 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2444 C:\Program Files\Wireless-N PCI Adapter\WLService.exe
2476 C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
2484 C:\WINDOWS\system32\searchindexer.exe
3468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3744 alg.exe
900 C:\WINDOWS\explorer.exe
3344 C:\WINDOWS\system32\rundll32.exe
3404 C:\WINDOWS\RTHDCPL.EXE
3500 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3508 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3516 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3556 C:\WINDOWS\system32\WLTRAY.EXE
3600 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3676 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4048 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
4084 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
2944 C:\Program Files\Microsoft Security Client\msseces.exe
1080 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2432 C:\WINDOWS\system32\ctfmon.exe
2776 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2624 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3428 C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
2704 C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
2816 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
3324 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
3460 C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~2\STATUS~1.EXE
3736 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
5188 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
9096 C:\Program Files\Real\RealPlayer\Update\realsched.exe
10124 C:\Program Files\Internet Explorer\iexplore.exe
10236 C:\Program Files\Internet Explorer\iexplore.exe
4016 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
5600 C:\WINDOWS\system32\searchprotocolhost.exe
1996 searchfilterhost.exe
3996 C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD4000AAKS-00YGA0, Rev: 12.01C02

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

ComboFix 11-04-20.04 - Tony R 04/21/2011 10:44:02.1.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1649 [GMT -7:00]
Running from: c:\documents and settings\Tony R\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\cHkFk06300
c:\documents and settings\All Users\Application Data\cHkFk06300\cHkFk06300
c:\documents and settings\All Users\Application Data\cHkFk06300\cHkFk06300.exe
c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter
c:\documents and settings\All Users\Start Menu\Programs\Linksys Wireless-N PCI Adapter \Uninstall.lnk
c:\documents and settings\Tony R\Recent\delfile.exe
c:\documents and settings\Tony R\Recent\FW.drv
c:\documents and settings\Tony R\Recent\gid.dll
c:\documents and settings\Tony R\Recent\PE.exe
c:\documents and settings\Tony R\Recent\PE.sys
c:\documents and settings\Tony R\Recent\ppal.exe
c:\documents and settings\Tony R\Recent\runddl.sys
c:\documents and settings\Tony R\Recent\SM.drv
c:\documents and settings\Tony R\Recent\SM.exe
c:\documents and settings\Tony R\Recent\std.dll
c:\documents and settings\Tony R\Recent\tempdoc.drv
c:\documents and settings\Tony R\Recent\tjd.sys
c:\documents and settings\Tony R\Start Menu\Programs\System Tool
c:\documents and settings\Tony R\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\documents and settings\Tony R\WINDOWS
c:\program files\Shared
c:\program files\Shared\shared.sig
c:\windows\system32\SysInfo.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-21 to 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-21 16:24 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9EB38BE5-C8B3-4470-9095-07B8C4836470}\mpengine.dll
2011-04-21 10:00 . 2011-04-21 10:00 -------- d-----w- c:\windows\LastGood.Tmp
2011-04-20 19:19 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-20 19:17 . 2011-04-20 19:17 388096 ----a-r- c:\documents and settings\Tony R\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 18:59 . 2011-04-16 18:59 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Western_Digital
2011-04-16 18:58 . 2011-04-16 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2011-04-16 18:58 . 2011-04-16 18:58 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-15 16:11 . 2011-04-15 16:11 -------- d-----w- c:\program files\Common Files\Java
2011-04-15 16:11 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 06:48 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-01 06:47 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-01 06:45 . 2011-04-01 06:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 06:21 . 2011-04-01 06:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- C:\_265984_
2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- c:\program files\Common Files\xing shared
2011-04-01 05:54 . 2011-04-01 05:54 -------- d-----w- c:\documents and settings\Tony R\Application Data\Uniblue
2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Bing Bar Installer
2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\MSN Toolbar
2011-04-01 05:46 . 2011-04-01 05:46 -------- d-----w- c:\program files\Common Files\HP
2011-03-31 17:45 . 2003-03-19 03:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2011-03-31 17:25 . 2005-03-25 02:48 73728 ----a-w- c:\windows\system32\hppcappm.dll
2011-03-31 17:25 . 2002-04-10 16:19 392192 ----a-w- c:\windows\system32\ltkrn11n.dll
2011-03-31 17:25 . 2002-04-10 16:19 118784 ----a-w- c:\windows\system32\ltfil11n.DLL
2011-03-31 16:57 . 2011-04-01 05:47 -------- d-----w- C:\Color LaserJet 2840 SKINS Error Fix
2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\DriverCure
2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\ParetoLogic
2011-03-30 14:34 . 2011-03-30 14:34 -------- d-----w- c:\program files\Trend Micro
2011-03-29 16:11 . 2011-03-29 16:11 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Microsoft Corporation
2011-03-29 16:11 . 2011-04-01 05:49 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-03-29 15:56 . 2011-03-29 15:56 -------- d-----w- c:\program files\Microsoft.NET
2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\windows\MATS
2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-03-24 18:14 . 2011-03-24 18:14 -------- d-----w- c:\documents and settings\Tony R\Application Data\Registry Mechanic
2011-03-24 18:12 . 2011-04-01 05:54 -------- d-----w- c:\program files\Xippit
2011-03-24 18:00 . 2011-04-01 05:54 -------- d-----w- c:\program files\RegServe
2011-03-24 16:41 . 2011-03-24 16:41 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcE.tmp
2011-03-24 16:34 . 2011-04-01 05:55 -------- d-s---w- c:\documents and settings\New Tony R
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 08:19 . 2009-03-30 23:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-09 08:19 . 2009-03-30 23:20 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 05:33 . 2008-01-10 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2007-07-27 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2007-07-27 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2007-07-27 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2007-07-27 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-08-30 17:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2007-07-27 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2007-07-27 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2007-07-27 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2007-07-27 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 02:19 . 2010-06-09 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-01-10 18:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-01-10 18:20 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-04-25 1273856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-29 274608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
c:\documents and settings\atr\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-1-11 368640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-10-6 1482831]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-4-1 1701224]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/22/2009 1:54 PM 9344]
S1 gaennekt;gaennekt;\??\c:\windows\system32\drivers\gaennekt.sys --> c:\windows\system32\drivers\gaennekt.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:15 AM 135664]
S2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/11/2008 6:02 PM 8192]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
S2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [9/22/2009 3:29 PM 53307]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 19:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
.
2011-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
.
2011-04-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-04-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-813497703-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
.
2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-813497703-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
.
2011-04-21 c:\windows\Tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-21 10:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-21 10:51:31
ComboFix-quarantined-files.txt 2011-04-21 17:51
.
Pre-Run: 305,457,393,664 bytes free
Post-Run: 305,464,692,736 bytes free
.
- - End Of File - - 49361E26E5521E66258E2A2ADC77B0E4

Tony R, Apr 21, 2011

#3
Broni Malware Annihilator Posts: 39,425 +177
See, if you can run Combofix fix in normal mode now....

1. Please open Notepad

Click Start , then Run

Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File:: c:\windows\system32\drivers\gaennekt.sys Folder:: c:\documents and settings\Tony R\Application Data\Uniblue c:\documents and settings\Tony R\Application Data\Registry Mechanic Driver:: gaennekt

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
Broni, Apr 21, 2011

#4
Tony R Newcomer, in training Posts: 45

Continuing fix

Hi Broni. Still wasn't able to run ComboFix in normal mode. Had to hard boot after
Combofixed failed to run. Opened notepad and posted codebox info. Dragged
CFScript to Combofix, ran it and it blue screened. Hard boot again. Ran in safe mode. CFScript to Combofix. Still no windows recovery console.

ComboFix 11-04-20.04 - Tony R 04/22/2011 7:46.2.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1646 [GMT -7:00]
Running from: c:\documents and settings\Tony R\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tony R\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\system32\drivers\gaennekt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Tony R\Application Data\Registry Mechanic
c:\documents and settings\Tony R\Application Data\Registry Mechanic\SystemReport.txt
c:\documents and settings\Tony R\Application Data\Uniblue
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gaennekt
.
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-22 14:33 . 2011-04-22 14:33 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{333DB22C-5582-4ABF-A042-94B4FC720BDF}\MpKslebd3ca69.sys
2011-04-22 14:32 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{333DB22C-5582-4ABF-A042-94B4FC720BDF}\mpengine.dll
2011-04-20 19:19 . 2008-02-27 20:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2011-04-20 19:17 . 2011-04-20 19:17 388096 ----a-r- c:\documents and settings\Tony R\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-16 18:59 . 2011-04-16 18:59 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Western_Digital
2011-04-16 18:58 . 2011-04-16 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2011-04-16 18:58 . 2011-04-16 18:58 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-15 16:11 . 2011-04-15 16:11 -------- d-----w- c:\program files\Common Files\Java
2011-04-15 16:11 . 2011-02-03 04:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 06:48 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-01 06:47 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-01 06:45 . 2011-04-01 06:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 06:21 . 2011-04-01 06:21 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- C:\_265984_
2011-04-01 06:20 . 2011-04-01 06:20 -------- d-----w- c:\program files\Common Files\xing shared
2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\Bing Bar Installer
2011-04-01 05:52 . 2011-04-01 05:52 -------- d-----w- c:\program files\MSN Toolbar
2011-04-01 05:46 . 2011-04-01 05:46 -------- d-----w- c:\program files\Common Files\HP
2011-03-31 17:45 . 2003-03-19 03:44 57344 ----a-w- c:\windows\system32\MFC71ENU.DLL
2011-03-31 17:25 . 2005-03-25 02:48 73728 ----a-w- c:\windows\system32\hppcappm.dll
2011-03-31 17:25 . 2002-04-10 16:19 392192 ----a-w- c:\windows\system32\ltkrn11n.dll
2011-03-31 17:25 . 2002-04-10 16:19 118784 ----a-w- c:\windows\system32\ltfil11n.DLL
2011-03-31 16:57 . 2011-04-01 05:47 -------- d-----w- C:\Color LaserJet 2840 SKINS Error Fix
2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\DriverCure
2011-03-30 15:32 . 2011-03-30 15:32 -------- d-----w- c:\documents and settings\Tony R\Application Data\ParetoLogic
2011-03-30 14:34 . 2011-03-30 14:34 -------- d-----w- c:\program files\Trend Micro
2011-03-29 16:11 . 2011-03-29 16:11 -------- d-----w- c:\documents and settings\Tony R\Local Settings\Application Data\Microsoft Corporation
2011-03-29 16:11 . 2011-04-01 05:49 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-03-29 15:56 . 2011-03-29 15:56 -------- d-----w- c:\program files\Microsoft.NET
2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\windows\MATS
2011-03-29 14:49 . 2011-04-01 05:50 -------- d-----w- c:\program files\Microsoft Fix it Center
2011-03-24 18:12 . 2011-04-01 05:54 -------- d-----w- c:\program files\Xippit
2011-03-24 18:00 . 2011-04-01 05:54 -------- d-----w- c:\program files\RegServe
2011-03-24 16:41 . 2011-03-24 16:41 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcE.tmp
2011-03-24 16:34 . 2011-04-01 05:55 -------- d-s---w- c:\documents and settings\New Tony R
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 08:19 . 2009-03-30 23:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-09 08:19 . 2009-03-30 23:20 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-07 05:33 . 2008-01-10 18:21 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2007-07-27 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2007-07-27 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2007-07-27 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2007-07-27 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2007-07-27 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2007-07-27 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2007-07-27 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-08-30 17:41 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2007-07-27 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2007-07-27 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2007-07-27 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2007-07-27 12:00 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2007-07-27 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-03 02:19 . 2010-06-09 17:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-01-10 18:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-01-10 18:20 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"WinSys2"="c:\windows\system32\winsys2.exe" [2006-04-29 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-04-25 1273856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-29 274608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
c:\documents and settings\atr\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-1-11 368640]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-10-6 1482831]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-4-1 1701224]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
.
R1 MpKslebd3ca69;MpKslebd3ca69;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{333DB22C-5582-4ABF-A042-94B4FC720BDF}\MpKslebd3ca69.sys [4/22/2011 7:33 AM 28752]
R2 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/11/2008 6:02 PM 8192]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [1/21/2010 4:24 PM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 AM 20480]
R2 WMP300NSvc;WMP300NSvc;c:\program files\Wireless-N PCI Adapter\WLService.exe [9/22/2009 3:29 PM 53307]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 4:45 PM 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 3:24 AM 453120]
S1 MpKsle25c77ac;MpKsle25c77ac;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F2F010-C553-431D-9B38-3296884BC26D}\MpKsle25c77ac.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F7F2F010-C553-431D-9B38-3296884BC26D}\MpKsle25c77ac.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/18/2009 10:15 AM 135664]
S3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/22/2009 1:54 PM 9344]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 11:54 AM 360547]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - GTNDIS5
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 19:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 17:15]
.
2011-04-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-813497703-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
.
2011-04-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-813497703-725345543-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 18:33]
.
2011-04-22 c:\windows\Tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-22 07:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3888)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\jscript.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\Macromed\Flash\Flash10l.ocx
c:\progra~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\hpzipm12.exe
c:\pvsw\bin\w3dbsmgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Wireless-N PCI Adapter\WMP300N.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\SearchProtocolHost.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~2\STATUS~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Completion time: 2011-04-22 08:02:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-22 15:02
ComboFix2.txt 2011-04-21 17:51
.
Pre-Run: 305,464,897,536 bytes free
Post-Run: 305,404,502,016 bytes free
.
- - End Of File - - 642E4C6054F5BABE544DDB7073265E14

Tony R, Apr 22, 2011

#5

Broni Malware Annihilator Posts: 39,425 +177

Restart computer in Safe Mode with Networking, re-run Combofix and see, if you can install recovery console.

Broni, Apr 22, 2011

#6

Tony R Newcomer, in training Posts: 45

Rerun in Safe Mode with Networking

Ran Confix.exe in Safe Mode with Networking. MS Essentials and Windows Firewall disabled. Was not able to connect to internet for Recovery Console.

Tony R, Apr 22, 2011

#7
Broni Malware Annihilator Posts: 39,425 +177
That's fine.

Any current issues?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Click the Scan All Users checkbox.

Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Broni, Apr 22, 2011

#8
Tony R Newcomer, in training Posts: 45

OTL.exe

Had to split the OTL log. No other issues other that I know of other than what we've been looking at.

OTL logfile created on: 4/22/2011 12:52:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tony R\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 284.42 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
Drive D: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ATR-ELECTRIC | User Name: Tony R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
PRC - [2010/12/29 11:33:28 | 000,491,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2010/12/29 11:33:27 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/21 16:27:44 | 009,136,960 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2010/01/21 16:27:42 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/12/03 12:05:08 | 001,701,224 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/10/06 10:25:58 | 001,482,831 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
PRC - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/06/13 05:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/05/10 12:08:29 | 000,008,192 | R--- | M] () -- C:\WINDOWS\system32\srvany.exe
PRC - [2006/05/09 08:09:52 | 005,242,880 | ---- | M] (Linksys) -- C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe
PRC - [2006/03/02 21:57:42 | 000,106,546 | ---- | M] () -- C:\pvsw\bin\w3dbsmgr.exe
PRC - [2005/07/04 16:46:04 | 000,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Wireless-N PCI Adapter\WLService.exe
PRC - [2005/03/24 13:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

========== Modules (SafeList) ==========

MOD - [2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
MOD - [2010/12/29 11:33:38 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP300NSvc)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/21 16:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/06/27 16:24:34 | 000,467,028 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 11:54:52 | 000,360,547 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/05/10 12:08:29 | 000,008,192 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)

========== Driver Services (SafeList) ==========

DRV - [2011/04/22 12:17:29 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EB3DA874-E260-48EE-BAEE-455918EA4837}\MpKsl6fb38f25.sys -- (MpKsl6fb38f25)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/01 16:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 03:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/12/14 04:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/14 23:34:40 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/29 20:31:58 | 000,043,648 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/06/13 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 05:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/04/24 23:51:08 | 000,543,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/03/17 08:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 08:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/02/17 04:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/02/17 04:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/07 04:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/02/02 16:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2004/08/12 19:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Wireless-N PCI Adapter\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2003/05/05 18:25:48 | 000,028,205 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 09 13 A2 6A 82 CA 01 [binary data]
IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-823518204-813497703-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/04/01 17:06:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/31 22:52:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/03/31 22:52:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 13:26:35 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/04/22 07:56:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe (NETGEAR)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk = C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\atr\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1283189514859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200096966421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5815/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tony R\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tony R\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/10 11:23:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/02 18:41:09 | 000,000,113 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.mjpg - C:\WINDOWS\System32\mcmjpg32.dll (MainConcept)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 12:49:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
[2011/04/22 12:14:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/21 10:36:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/21 10:36:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/21 10:36:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/21 10:36:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/21 09:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/21 09:47:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/20 12:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Start Menu\Programs\HiJackThis
[2011/04/20 09:14:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\TFC.exe
[2011/04/16 14:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010
[2011/04/16 11:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Local Settings\Application Data\Western_Digital
[2011/04/16 11:58:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/04/16 11:58:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/04/16 11:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
[2011/04/15 09:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/15 09:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/31 23:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/31 23:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2011/03/31 23:20:57 | 000,000,000 | ---D | C] -- C:\_265984_
[2011/03/31 23:20:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/03/31 23:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/03/31 22:56:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tony R\Recent
[2011/03/31 22:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2011/03/31 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/03/31 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/03/31 22:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/03/31 10:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP(2)
[2011/03/31 09:57:03 | 000,000,000 | ---D | C] -- C:\Color LaserJet 2840 SKINS Error Fix
[2011/03/30 08:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Application Data\DriverCure
[2011/03/30 08:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Application Data\ParetoLogic
[2011/03/30 07:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/29 09:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tony R\Local Settings\Application Data\Microsoft Corporation
[2011/03/29 09:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/03/29 08:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/29 07:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2011/03/29 07:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2011/03/29 07:49:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/03/24 11:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Xippit
[2011/03/24 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\RegServe
[2011/03/24 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

========== Files - Modified Within 30 Days ==========

[2011/04/22 12:51:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job
[2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
[2011/04/22 12:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/22 12:18:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-813497703-725345543-1006.job
[2011/04/22 12:18:19 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-813497703-725345543-1006.job
[2011/04/22 12:16:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/22 12:16:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/22 12:15:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/22 11:58:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/22 07:56:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/21 09:41:52 | 004,325,821 | R--- | M] () -- C:\Documents and Settings\Tony R\Desktop\ComboFix.exe
[2011/04/21 09:36:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe
[2011/04/20 12:28:05 | 000,315,031 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\Belarc Advisor Current Profile.mht
[2011/04/20 12:25:48 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\HiJackThis.lnk
[2011/04/20 12:19:29 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/04/20 12:19:29 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/04/20 12:04:01 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\dds.scr
[2011/04/20 09:35:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
[2011/04/20 09:14:27 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\TFC.exe
[2011/04/16 16:04:36 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/04/16 14:16:03 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\Office Excel 2007.lnk
[2011/04/16 13:53:13 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
[2011/04/16 11:58:30 | 000,001,169 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/04/16 11:58:30 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/04/16 09:02:39 | 000,341,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 03:23:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 03:17:32 | 000,520,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 03:17:32 | 000,093,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/14 12:40:53 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/04/09 21:39:18 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/04/01 05:42:24 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/01 05:39:50 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/31 23:48:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/31 22:38:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18341684
[2011/03/31 22:38:11 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18341684r
[2011/03/31 22:38:04 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18341684
[2011/03/31 22:19:39 | 000,000,384 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19717940
[2011/03/31 22:17:58 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19717940
[2011/03/31 20:43:38 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19717940r
[2011/03/31 11:13:15 | 000,053,975 | ---- | M] () -- C:\WINDOWS\hppins01.dat.temp
[2011/03/31 10:52:54 | 000,000,655 | ---- | M] () -- C:\WINDOWS\hpbvspst.his
[2011/03/31 10:52:40 | 000,003,496 | ---- | M] () -- C:\WINDOWS\hpbvnstp.his
[2011/03/31 03:00:02 | 002,228,224 | -H-- | M] () -- C:\Documents and Settings\Tony R\My Documents\Inventory.accdb
[2011/03/24 10:51:59 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr
[2011/03/23 21:58:27 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19586868
[2011/03/23 21:54:59 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
[2011/03/23 21:54:53 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\19586868

========== Files Created - No Company Name ==========

[2011/04/21 10:36:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/21 10:36:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/21 10:36:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/21 10:36:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/21 10:36:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/21 09:41:42 | 004,325,821 | R--- | C] () -- C:\Documents and Settings\Tony R\Desktop\ComboFix.exe
[2011/04/21 09:36:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe
[2011/04/20 12:28:05 | 000,315,031 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\Belarc Advisor Current Profile.mht
[2011/04/20 12:19:29 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/04/20 12:19:29 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
[2011/04/20 12:19:29 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2011/04/20 12:19:26 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/04/20 12:17:02 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\HiJackThis.lnk
[2011/04/20 11:59:38 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\dds.scr
[2011/04/20 09:35:24 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
[2011/04/16 14:18:00 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk
[2011/04/16 11:58:30 | 000,001,169 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2011/04/16 11:58:30 | 000,001,108 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/03/31 23:56:09 | 000,053,975 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
[2011/03/31 23:56:08 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
[2011/03/31 23:45:44 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/31 22:38:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684r
[2011/03/31 22:38:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684
[2011/03/31 22:38:04 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18341684
[2011/03/31 20:43:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940r
[2011/03/31 20:43:38 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940
[2011/03/31 20:43:34 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19717940
[2011/03/31 10:52:41 | 000,000,655 | ---- | C] () -- C:\WINDOWS\hpbvspst.hi1
[2011/03/31 10:52:41 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.bu1
[2011/03/31 10:52:28 | 000,003,496 | ---- | C] () -- C:\WINDOWS\hpbvnstp.hi1
[2011/03/31 10:52:28 | 000,001,145 | ---- | C] () -- C:\WINDOWS\hpbvnstp.bu1
[2011/03/31 10:48:56 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2011/03/25 18:49:37 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/24 10:51:57 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr
[2011/03/24 10:11:05 | 000,001,770 | ---- | C] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/03/24 10:11:05 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uniblue RegistryBooster.lnk
[2011/03/23 21:54:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
[2011/03/23 21:54:57 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868
[2011/03/23 21:54:53 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19586868
[2011/03/11 03:16:57 | 007,210,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/12 18:49:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/27 13:22:32 | 000,000,212 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/12/27 11:02:28 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Tony R\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 14:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/09/22 17:28:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2009/09/22 17:28:12 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2009/09/22 17:28:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2009/09/22 17:23:57 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2009/09/22 17:23:45 | 000,001,145 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2009/09/22 17:23:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2009/09/22 17:23:33 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2009/09/22 15:29:19 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/09/22 15:29:18 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/09/22 15:29:18 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009/09/22 15:28:46 | 000,000,766 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/09/22 10:59:32 | 000,001,130 | -H-- | C] () -- C:\Documents and Settings\Tony R\Local Settings\Application Data\FASTWiz.html
[2009/09/18 13:29:54 | 000,000,129 | -H-- | C] () -- C:\Documents and Settings\Tony R\Local Settings\Application Data\fusioncache.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/06/27 16:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/01/11 18:41:48 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/11 18:40:31 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/01/11 18:02:18 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\srvany.exe
[2008/01/11 01:03:00 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/01/11 00:40:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2008/01/11 00:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/01/11 00:17:13 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2008/01/11 00:17:11 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2008/01/11 00:17:11 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2008/01/11 00:17:10 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2008/01/11 00:17:10 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2008/01/11 00:17:10 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
[2008/01/11 00:17:10 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2008/01/11 00:17:10 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2008/01/11 00:17:10 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2008/01/11 00:17:10 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2008/01/11 00:06:50 | 000,000,907 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/01/11 00:06:50 | 000,000,263 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/01/11 00:04:47 | 000,011,809 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/01/11 00:04:31 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/11 00:04:31 | 000,002,479 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/11 00:04:22 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/01/10 11:39:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/01/10 11:25:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/01/10 11:21:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/01/10 04:03:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/10 04:00:34 | 000,341,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/27 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/07/27 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/07/27 05:00:00 | 000,520,892 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/07/27 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/07/27 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/07/27 05:00:00 | 000,093,644 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/07/27 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/07/27 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/07/27 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/07/27 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/07/27 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/07/27 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/06/28 09:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/28 09:43:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/06/28 09:43:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/28 09:43:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/06/28 09:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/28 09:43:00 | 001,018,772 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2007/06/28 09:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/28 09:43:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/06/28 09:43:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/06/28 09:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/10 15:06:34 | 000,001,743 | ---- | C] () -- C:\WINDOWS\PCW140.ini
[2005/07/27 07:41:45 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config
[2004/04/18 16:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 16:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2011/03/25 19:37:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\6d23b05
[2011/03/31 22:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLdPaCe06504
[2011/02/17 12:04:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Pro 10 Trial Version
[2008/01/15 15:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/08/06 07:05:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSMCUJWRS
[2010/08/29 08:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2008/01/15 18:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/01/03 09:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2011/04/16 11:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/12/05 13:37:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
[2008/01/11 18:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Peachtree
[2008/01/12 18:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Publish Providers
[2008/01/12 18:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Sony
[2011/02/28 13:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Western Digital
[2010/04/24 06:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Windows Desktop Search
[2010/10/23 15:58:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\atr\Application Data\Windows Search
[2009/09/25 11:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/03/24 09:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\New Tony R\Application Data\Western Digital
[2009/10/17 11:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/30 08:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\DriverCure
[2011/03/31 23:08:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\GetRightToGo
[2011/02/21 11:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Home Designer Pro 10 Trial Version
[2009/09/22 12:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\HotSync
[2011/01/21 07:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Leadertech
[2009/09/22 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\MSNInstaller
[2009/09/22 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\OfficeUpdate12
[2011/03/30 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\ParetoLogic
[2009/09/18 13:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Peachtree
[2009/11/12 11:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Publish Providers
[2009/09/22 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Snapfish
[2009/11/12 11:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Sony
[2011/01/03 09:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Western Digital
[2010/03/22 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Windows Desktop Search
[2010/03/27 10:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tony R\Application Data\Windows Search
[2011/04/22 12:51:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-

Tony R, Apr 22, 2011

#9
Tony R Newcomer, in training Posts: 45

OTL.exe continued

[2011/04/22 12:51:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D2794AE0-1058-40DC-B81E-299A6A3FE22D}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2008/01/10 11:23:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/22 15:29:31 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2008/01/10 11:14:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/04/22 12:14:23 | 000,016,292 | ---- | M] () -- C:\ComboFix.txt
[2008/01/10 11:23:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/11/22 13:37:04 | 000,000,090 | ---- | M] () -- C:\error.log
[2011/01/01 20:11:11 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2008/01/10 11:23:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2008/01/10 11:23:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/07/27 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/24 07:24:46 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/01/11 18:02:07 | 000,040,048 | ---- | M] () -- C:\P9install.log
[2011/04/22 12:15:50 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/01/02 12:51:38 | 000,000,393 | ---- | M] () -- C:\rkill.log
[2010/03/27 13:38:12 | 000,026,458 | ---- | M] () -- C:\WF0409.pdf

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/01/10 11:23:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/05/13 12:40:56 | 000,051,712 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPZPP034.DLL
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/01/14 14:23:04 | 000,001,554 | -H-- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/10 03:59:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/01/10 03:59:49 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/01/10 03:59:49 | 000,925,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/09/24 07:28:24 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/12/23 23:09:40 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/02/10 23:55:30 | 000,000,079 | -H-- | M] () -- C:\Documents and Settings\Tony R\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/21 09:41:52 | 004,325,821 | R--- | M] () -- C:\Documents and Settings\Tony R\Desktop\ComboFix.exe
[2011/04/20 09:35:32 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\ei9dvczi.exe
[2011/04/21 09:36:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tony R\Desktop\MBRCheck.exe
[2011/04/22 12:49:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\OTL.exe
[2007/11/09 15:40:22 | 004,014,832 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tony R\Desktop\OutlookConnector.exe
[2011/04/20 09:14:27 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tony R\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/12/23 23:09:40 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Tony R\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/22 12:49:56 | 000,311,296 | -HS- | M] () -- C:\Documents and Settings\Tony R\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 11:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 11:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 11:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Tony R\My Documents\AsusUpdt70803.zip:SummaryInformation

< End of report >

Tony R, Apr 22, 2011

#10
Tony R Newcomer, in training Posts: 45

Extras.Txt

OTL Extras logfile created on: 4/22/2011 12:52:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Tony R\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 284.42 Gb Free Space | 76.33% Space Free | Partition Type: NTFS
Drive D: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ATR-ELECTRIC | User Name: Tony R | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabledxpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNetisabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNetisabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabledxpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNetisabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2154375F-A35D-4CB5-A996-3466251F6B3B}" = hpp2800usg
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D5A740-EAA2-012B-AD08-000000000000}" = TurboTax 2009 waziper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{606E5C0D-6039-42A7-988E-9D51DE773AFF}" = hppFonts
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{688EC50D-0155-4490-8DBF-686CD3B2893F}" = hppScanTo
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E5E862-F1FF-412B-B824-9582ED7DE84A}" = hppSendFax
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79B92240-9C65-4DD7-B1AD-59910D2C1353}" = AirPlus XtremeG
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83E0E8FF-F256-4712-934D-DDDF15755B27}" = Sony Vegas Movie Studio Platinum 8.0
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{851D5410-0851-46F0-8836-74E0D8D20196}" = hppDustDevil
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B2EF64A-1D1F-4AD8-91BF-7B5F1BC36E00}" = hppFaxDrv
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA20E409-BDB4-439B-B75B-D5B193546779}" = Linksys Wireless-N PCI Adapter
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E6DC57-473A-4424-9617-AF60BA8403C3}" = hppCLJ2800
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3134A3-0089-497D-BDAF-BB546401D199}" = Peachtree Accounting 2007
"{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}" = LightScribe System Software 1.10.27.1
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E90F8E55-A3EE-41AF-88E3-ED2EA0ECE46C}" = TurboTax 2010 waziper
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Belarc Advisor" = Belarc Advisor 8.1
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Chrome" = Google Chrome
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{CB3134A3-0089-497D-BDAF-BB546401D199}" = Peachtree Complete Accounting 2007
"Integration Services" = Sage Software Integration Services
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2007
"Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
"Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
"PROR" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.456
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LNKREAD.VBS> in the hash map cannot be updated.

Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCALAPPDATAFILE.CFX> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCALAPPDATAFILE.CFX> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCALAPPDATAFOLDER.CFX> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 4/22/2011 3:50:20 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCALAPPDATAFOLDER.CFX> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 4/22/2011 3:50:21 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\LOCALSETTINGSFILE.CFX> in the hash map cannot
be updated. Context: Application, SystemIndex Catalog Details: A device attached
to the system is not functioning. (0x8007001f)

Error - 4/22/2011 11:08:57 AM | Computer Name = ATR-ELECTRIC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 4/22/2011 3:13:40 PM | Computer Name = ATR-ELECTRIC | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 4/22/2011 3:49:53 PM | Computer Name = ATR-ELECTRIC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2011 3:49:56 PM | Computer Name = ATR-ELECTRIC | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ OSession Events ]
Error - 9/22/2009 6:44:17 PM | Computer Name = ATR-ELECTRIC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/1/2010 5:11:30 AM | Computer Name = ATR-ELECTRIC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 66
seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/7/2010 1:46:08 PM | Computer Name = ATR-ELECTRIC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/21/2011 1:35:26 PM | Computer Name = ATR-ELECTRIC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BANTExt Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

Error - 4/21/2011 1:35:48 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/21/2011 1:35:57 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/21/2011 1:35:57 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 4/21/2011 1:36:11 PM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/22/2011 1:17:03 AM | Computer Name = ATR-ELECTRIC | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer TONY using any of
the configured protocols.

Tony R, Apr 22, 2011

#11
Broni Malware Annihilator Posts: 39,425 +177

You didn't say:

Any current issues?

Broni, Apr 22, 2011

#12

Broni Malware Annihilator Posts: 39,425 +177

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-823518204-813497703-725345543-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/03/24 10:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/03/31 22:38:11 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684r
[2011/03/31 22:38:11 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18341684
[2011/03/31 22:38:04 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18341684
[2011/03/31 20:43:38 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940r
[2011/03/31 20:43:38 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19717940
[2011/03/31 20:43:34 | 000,000,384 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19717940
[2011/03/24 10:51:57 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr
[2011/03/23 21:54:59 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868r
[2011/03/23 21:54:57 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19586868
[2011/03/23 21:54:53 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19586868
[2011/03/25 19:37:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\6d23b05
[2011/03/31 22:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLdPaCe06504
[2010/08/06 07:05:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MSMCUJWRS
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Tony R\My Documents\AsusUpdt70803.zip:SummaryInformation

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.
====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe

Follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.

Click on Start button to begin cleaning process.

TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program

Tick the box next to YES, I accept the Terms of Use

Click Start

IMPORTANT! UN-check Remove found threats

Accept any security warnings from your browser.

Check Scan archives

Click Start

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push List of found threats

Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

NOTE. If Eset won't find any threats, it won't produce any log.

Broni, Apr 22, 2011

#13

Tony R Newcomer, in training Posts: 45

Did I miss something?

Tony R, Apr 22, 2011

#14
Broni Malware Annihilator Posts: 39,425 +177

You didn't say how is computer doing.

Broni, Apr 22, 2011

#15
Tony R Newcomer, in training Posts: 45

OTL fix

Here are the fix results. Will start other scans ASAP. The computer is running OK but I still have ie script errors. Haven't tried my browser yet. Unwanted music?

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-823518204-813497703-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Program Files\Registry Mechanic\backup folder moved successfully.
C:\Program Files\Registry Mechanic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\~18341684r moved successfully.
C:\Documents and Settings\All Users\Application Data\~18341684 moved successfully.
C:\Documents and Settings\All Users\Application Data\18341684 moved successfully.
C:\Documents and Settings\All Users\Application Data\~19717940r moved successfully.
C:\Documents and Settings\All Users\Application Data\~19717940 moved successfully.
C:\Documents and Settings\All Users\Application Data\19717940 moved successfully.
C:\Documents and Settings\Tony R\s-1-5-21-823518204-813497703-725345543-1006.rrr moved successfully.
C:\Documents and Settings\All Users\Application Data\~19586868r moved successfully.
C:\Documents and Settings\All Users\Application Data\~19586868 moved successfully.
C:\Documents and Settings\All Users\Application Data\19586868 moved successfully.
C:\Documents and Settings\All Users\Application Data\6d23b05\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\Application Data\6d23b05\MSSSys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\6d23b05\BackUp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\6d23b05 folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\dLdPaCe06504\ not found.
C:\Documents and Settings\All Users\Application Data\MSMCUJWRS folder moved successfully.
ADS C:\Documents and Settings\Tony R\My Documents\AsusUpdt70803.zip:SummaryInformation deleted successfully.
========== COMMANDS ==========

Tony R, Apr 22, 2011

#16
Broni Malware Annihilator Posts: 39,425 +177

I still have ie script errors.

With browsers closed?

Haven't tried my browser yet.

??

Unwanted music?

What about it?

Broni, Apr 22, 2011

#17
Tony R Newcomer, in training Posts: 45

From my original post:

Problems with hijacked browser, wiped out my bing toolbars and toolbar access to my favorites. Script errors on internet explorer (while connected or not) and have commercials and sound in background (connected or not).

I just tried to use my browser and it redirected it to yellow pages, while listening to a commercial in the background.

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Tony R, Apr 22, 2011

#18
Broni Malware Annihilator Posts: 39,425 +177
Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
Broni, Apr 22, 2011

#19
Tony R Newcomer, in training Posts: 45

ESETScan

FYI. Don't know how important this is but during scan "Internet Explorer cannot open site http://www.thefablife.com/tag/the-daily-hot?113320-150752-21983&xrs=AdOn

Here is the ESET Scan. On to TDSKiller

C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_decryptor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111190.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111191.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111192.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111193.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111194.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111229.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111230.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111231.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111232.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111233.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP623\A0111234.rbf Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119069.exe a variant of Win32/Adware.RegDefense application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119103.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119104.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119105.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119106.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119107.exe Win32/RegistryBooster application
C:\System Volume Information\_restore{A85BE257-A27B-4A9C-8AF6-7A5FFACCCC27}\RP647\A0119108.exe Win32/RegistryBooster application

Tony R, Apr 22, 2011

#20

Page 1 of 5

Topic Status:: Not open for further replies.

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.