Software found trojans, but said it couldn't find them to delete. Ran 5 steps

Solved
By lorilev
Feb 19, 2012
  1. Below are reports from Kaspersky virus full scan, and SpyBot Search and Destroy from the last few weeks. It's been ongoing daily scans to chase down these demons. I attempted to install ESET three times and it won't load. Says Error 2002. ESET said they would get back to me as to why, but nothing yet. So I appreciate any help with this. Not very tech savvy.

    2/3/2012 12:27:11 PM Task started File Anti-Virus Kaspersky Anti-Virus
    2/3/2012 12:45:49 PM Task started File Anti-Virus Kaspersky Anti-Virus
    2/3/2012 10:25:19 PM Task started File Anti-Virus Kaspersky Anti-Virus
    2/3/2012 10:51:27 PM Task started File Anti-Virus Kaspersky Anti-Virus
    2/4/2012 9:14:32 AM Task started File Anti-Virus Kaspersky Anti-Virus
    2/14/2012 9:45:27 AM Task started File Anti-Virus Kaspersky Anti-Virus
    2/14/2012 9:59:01 AM Processing error F:\30074812.203 Read error Windows Explorer
    2/14/2012 9:59:33 AM Processing error F:\30074812.203 Read error Windows Explorer
    2/17/2012 3:54:30 PM Task started File Anti-Virus Kaspersky Anti-Virus
    2/17/2012 4:34:08 PM Detected: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
    2/17/2012 4:34:36 PM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
    2/17/2012 4:34:36 PM Detected: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\HP_OWNER\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
    2/17/2012 4:34:38 PM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\HP_OWNER\Start Menu\Programs\Multi-channel Sound Manager.lnk Spybot - Search & Destroy
    2/18/2012 3:03:37 AM Detected: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\Default User\Start Menu\Programs\Multi-channel Sound Manager.lnk C11CBBDD5122A73CCEB671C227D9C1D0
    2/18/2012 3:04:07 AM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\DOCUMENTS AND SETTINGS\Default User\Start Menu\Programs\Multi-channel Sound Manager.lnk C11CBBDD5122A73CCEB671C227D9C1D0
    2/18/2012 3:34:01 AM Task started File Anti-Virus Kaspersky Anti-Virus
    2/18/2012 3:58:33 AM Detected: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427711.lnk Generic Host Process for Win32 Services
    2/18/2012 3:58:46 AM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427711.lnk Generic Host Process for Win32 Services
    2/18/2012 4:58:11 AM Detected: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427712.lnk Generic Host Process for Win32 Services
    2/18/2012 4:58:17 AM Deleted: Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427712.lnk Generic Host Process for Win32 Services


    Status: Deleted (events: 6)
    2/18/2012 4:58:17 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427712.lnk High
    2/18/2012 3:58:46 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2585\A0427711.lnk High
    2/17/2012 4:34:38 PM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\HP_Owner\Start Menu\Programs\Multi-channel Sound Manager.lnk High
    2/18/2012 3:04:07 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\Default User\Start Menu\Programs\Multi-channel Sound Manager.lnk High
    2/18/2012 3:33:58 AM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk High
    2/17/2012 4:34:36 PM Deleted Trojan program Exploit.Win32.CVE-2010-2568.gen C:\Documents and Settings\All Users\Start Menu\Programs\Multi-channel Sound Manager.lnk High

    In the next post I will paste in the log reports from the 5 steps, as this one appears to be full.
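The signature named in the Kaspersky lines above, Exploit.Win32.CVE-2010-2568.gen, is a generic detection for the Windows Shell shortcut-icon vulnerability (MS10-046): a .lnk whose target ID list walks into the Control Panel namespace and names a module, which the shell loads with LoadLibrary merely to render the icon. A genuine shortcut to a Control Panel applet has the same structure, so the generic signature by itself cannot say whether the "Multi-channel Sound Manager" shortcuts present in every profile (All Users, HP_OWNER, Default User) are malicious; the module path the shortcut carries can. The parser below is an added example, not code from the post or from Kaspersky: it walks the ShellLinkHeader and LinkTargetIDList per the MS-SHLLINK layout, pulls the module path out of the Control Panel item, and grades the result. The sample shortcuts are constructed in memory (the applet item's field layout is simplified, and SoundMgr.cpl, the UNC host and payload.dll are made-up names); nothing here reads the user's files.

```python
"""Triage .lnk files for the shortcut-icon pattern behind CVE-2010-2568 (MS10-046).

Added example, not from the forum post. Parses the ShellLinkHeader and the
LinkTargetIDList (MS-SHLLINK) and looks for the shape the exploit relies on:
a Control Panel folder item followed by an item naming a module to load.
Vendor shortcuts to a .cpl applet share that shape, so the module path decides.
"""
import re
import struct
import uuid

CLSID_SHELL_LINK = uuid.UUID("00021401-0000-0000-c000-000000000046")
CLSID_MY_COMPUTER = uuid.UUID("20d04fe0-3aea-1069-a2d8-08002b30309d")
CLSID_CONTROL_PANEL = uuid.UUID("21ec2020-3aea-1069-a2dd-08002b30309d")
HAS_LINK_TARGET_ID_LIST = 0x00000001
HEADER_SIZE = 0x4C
# Where a legitimate Control Panel applet normally lives (lower-cased for comparison)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "%systemroot%\\system32\\")


def parse_lnk(data):
    """Return (LinkFlags, [ItemID bytes without their ItemIDSize field])."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid_le, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or uuid.UUID(bytes_le=clsid_le) != CLSID_SHELL_LINK:
        raise ValueError("not a shell link file")
    items = []
    if flags & HAS_LINK_TARGET_ID_LIST:
        (idlist_size,) = struct.unpack_from("<H", data, HEADER_SIZE)
        pos, end = HEADER_SIZE + 2, HEADER_SIZE + 2 + idlist_size
        if end > len(data):
            raise ValueError("IDListSize runs past end of file")
        while pos + 2 <= end:
            (cb,) = struct.unpack_from("<H", data, pos)
            if cb == 0:  # TerminalID closes the list
                break
            if cb < 2 or pos + cb > end:
                raise ValueError("corrupt ItemID at offset %d" % pos)
            items.append(data[pos + 2:pos + cb])
            pos += cb
    return flags, items


def item_clsid(item):
    """CLSID-backed virtual folder items carry the GUID after a 2-byte type field."""
    return uuid.UUID(bytes_le=item[2:18]) if len(item) >= 18 else None


def module_path_in(item):
    """Pull a UTF-16LE string ending in .dll/.cpl out of an item, if it carries one."""
    text = item.decode("utf-16-le", errors="ignore")
    m = re.search(r"([^\x00]+\.(?:dll|cpl))", text, re.IGNORECASE)
    return m.group(1) if m else None


def assess_lnk(data):
    """Grade a shortcut: ('clean' | 'review' | 'suspicious', reason)."""
    _flags, items = parse_lnk(data)
    if CLSID_CONTROL_PANEL not in [item_clsid(i) for i in items]:
        return "clean", "no Control Panel item in the target ID list"
    module = next((p for p in map(module_path_in, items) if p), None)
    if module is None:
        return "clean", "Control Panel folder shortcut with no module reference"
    low = module.lower()
    if low.startswith("\\\\") or not low.startswith(SYSTEM_DIRS):
        return "suspicious", "Control Panel item loads %s from outside the system directory" % module
    if low.endswith(".dll"):
        return "suspicious", "Control Panel item names a .dll instead of a .cpl applet: %s" % module
    return "review", "shortcut to applet %s; confirm the .cpl is the vendor's own file" % module


# --- constructed sample shortcuts (test data, not files from the user's machine) ---
def _item(type_bytes, body):
    return struct.pack("<H", 2 + len(type_bytes) + len(body)) + type_bytes + body


def cpl_item(path):
    # Simplified applet item: the real one carries more header fields, but the
    # exploit-relevant part is the UTF-16 module path (assumption: 12 leading zero bytes).
    return _item(b"\x00\x00", b"\x00" * 10 + path.encode("utf-16-le") + b"\x00\x00")


def build_lnk(items):
    """Minimal .lnk: 76-byte header plus a LinkTargetIDList when items are given."""
    flags = HAS_LINK_TARGET_ID_LIST if items else 0
    header = struct.pack("<I16sII", HEADER_SIZE, CLSID_SHELL_LINK.bytes_le, flags, 0)
    header += b"\x00" * (HEADER_SIZE - len(header))
    if not items:
        return header
    idlist = b"".join(items) + b"\x00\x00"
    return header + struct.pack("<H", len(idlist)) + idlist


MY_COMPUTER = _item(b"\x1f\x50", CLSID_MY_COMPUTER.bytes_le)
CONTROL_PANEL = _item(b"\x2e\x80", CLSID_CONTROL_PANEL.bytes_le)
SAMPLES = {
    "vendor_applet.lnk": build_lnk([MY_COMPUTER, CONTROL_PANEL,
                                    cpl_item("C:\\WINDOWS\\system32\\SoundMgr.cpl")]),
    "network_loader.lnk": build_lnk([MY_COMPUTER, CONTROL_PANEL,
                                     cpl_item("\\\\10.0.0.5\\share\\payload.dll")]),
    "control_panel_folder.lnk": build_lnk([MY_COMPUTER, CONTROL_PANEL]),
    "plain_shortcut.lnk": build_lnk([]),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print("%-26s %-10s %s" % ((name,) + assess_lnk(blob)))
```

Two things the grading reflects. A shortcut that points into the Control Panel namespace and names a .cpl under system32 is what a vendor's own applet shortcut looks like, so it is only "review", and the check is to confirm that the named .cpl is the installed vendor file; a module referenced from a UNC path, a removable drive or any non-system directory, or a plain .dll rather than a .cpl, is the exploit's shape and nothing else. The repeated detections under System Volume Information\_restore{...} in the log are System Restore's snapshots of the already-deleted shortcuts, which is why the same signature keeps firing after each deletion; clearing them means purging the restore points that contain them, not running another scan.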
  2. lorilev


    5-step logs added now below: MBAM, GMER, DDS.

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    HP_Owner :: LORISOFFICE [administrator]

    Protection: Enabled

    2/19/2012 12:14:39 PM
    mbam-log-2012-02-19 (12-14-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 184959
    Time elapsed: 16 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-19 20:25:23
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160023AS rev.3.43
    Running: m0fccivt.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\fxlcyfod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB6EB758C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB6EB7E0C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB6EB8922]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB6EB8E94]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB6EB80EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB6EB6436]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB6EB8D6C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB6EB7192]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB6EB8C28]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB6EB734E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB6EB8FC6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB6EBAC08]
    SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThread [0xB6E855E0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB6EB8CCA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB6EBA5FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB6EB69FA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB6EB6D88]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB6EB8576]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB6EBB5CA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB6EB6ECA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB6EB6F74]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB6EB8382]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB6EBA68C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB6EB6412]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB6EB6424]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB6EBACBC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB6EB70C0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB6EB8F36]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB6EB7E8E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB6EB65DC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB6EB8E04]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB6EB7792]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB6EBAC32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB6EB9068]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB6EB76B6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB6EB701E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB6EB6C46]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB6EBAFD4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB6EB6896]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB6EBA922]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB6EB6B0E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB6EB62B0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB6EB93F2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB6EB92B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB6EBA39A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB6EBDE2C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB6EBB4AC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB6EB6248]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB6EB865C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB6EB7CC8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB6EB9C4A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSecurityObject [0xB6EBA786]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB6EBB114]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB6EB671E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB6EBB1F8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB6EBB320]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB6EBA526]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB6EB790A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB6EB7860]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB6EBAE8A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB6EB79EA]

    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP B6EAC4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP B6EAC8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
    .text ntkrnlpa.exe!ZwCallbackReturn + 2CAC 80504548 16 Bytes [4E, 73, EB, B6, C6, 8F, EB, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [8C, A6, EB, B6, 12, 64, EB, ...] {MOV WORD [ESI+0x6412b6eb], FS; JMP 0xffffffffffffffbe; AND AL, 0x64; JMP 0xffffffffffffffc2}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [0E, 6B, EB, B6, B0, 62, EB, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [F8, B1, EB, B6, 20, B3, EB, ...] {CLC ; MOV CL, 0xeb; MOV DH, 0x20; MOV BL, 0xeb; MOV DH, 0x26; MOVSD ; JMP 0xffffffffffffffc2}
    .text ntkrnlpa.exe!ZwCallbackReturn + 3038 805048D4 4 Bytes [EA, 79, EB, B6]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB99FE360, 0x1DE8FD, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1348] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71AE0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00444C20 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 0046FCE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3656] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71A20022

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [B695DDC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [B695DDC0] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Run by HP_Owner at 20:45:14 on 2012-02-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1870 [GMT -7:00]
    .
    AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Bitdefender Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cobian Backup 10\cbVSCService.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    {6d53ec84-6aae-4787-aeee-f4628f01010c}
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
    StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\hp_owner\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177243704066
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{80098379-ACFB-4722-95C0-14E494A1FA61} : DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-2-3 315408]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-1-5 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
    R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-1 67584]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-19 40776]
    R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-10 21520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
    S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\bitdefender\bitdefender 2012\updatesrv.exe" /service --> c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [?]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
    S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 530304]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-10-4 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
    S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-02-17 22:57:44 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 22:57:44 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-04 00:49:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 23:24:34 -------- d-----w- c:\program files\ESET
    2012-02-03 19:25:58 97961 ----a-w- c:\windows\system32\drivers\klick.dat
    2012-02-03 19:25:58 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2012-02-03 19:24:33 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
    2012-02-03 19:24:32 -------- d-----w- c:\program files\Kaspersky Lab
    2012-02-03 19:20:00 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
    2012-02-03 19:17:39 172523 ----a-w- c:\documents and settings\all users\application data\1328296496.bdinstall.bin
    2012-02-03 17:48:49 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
    2012-02-03 17:47:35 1249 ----a-w- c:\documents and settings\all users\application data\1328289714.240.bin
    2012-02-03 17:31:28 -------- d-----w- c:\documents and settings\hp_owner\application data\QuickScan
    2012-02-03 17:28:33 69417 ----a-w- c:\documents and settings\all users\application data\1328289714.3736.bin
    2012-02-03 17:28:33 -------- d-----w- c:\program files\Bitdefender
    2012-02-03 17:28:26 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.1384.bin
    2012-02-03 17:27:59 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.2480.bin
    2012-02-03 17:27:14 6209 ----a-w- c:\documents and settings\all users\application data\1328289714.640.bin
    2012-02-03 17:27:14 1698 ----a-w- c:\documents and settings\all users\application data\1328289714.3816.bin
    2012-02-03 17:27:14 1670 ----a-w- c:\documents and settings\all users\application data\1328289714.3804.bin
    2012-02-03 17:27:14 10487 ----a-w- c:\documents and settings\all users\application data\1328289714.3700.bin
    2012-02-03 17:22:00 179008 ----a-w- c:\documents and settings\all users\application data\1328289714.2128.bin
    2012-02-03 17:21:58 14632 ----a-w- c:\documents and settings\all users\application data\1328289714.3928.bin
    2012-02-03 17:21:54 43518 ----a-w- c:\documents and settings\all users\application data\1328289714.496.bin
    2012-02-03 17:12:59 -------- d-----w- c:\program files\common files\Bitdefender
    2012-02-02 04:14:45 -------- d-----w- c:\documents and settings\hp_owner\application data\GFI Software
    2012-02-02 04:14:34 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
    2012-02-02 04:13:07 -------- d-----w- c:\program files\GFI Software
    2012-01-25 17:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-25 20:59:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    .
    ============= FINISH: 20:46:45.04 ===============
  3. lorilev

    Wrong DDS report posted previously. Correct ones posted now.

    I'm very new at this, and the pop-up window after the DDS scan never showed to let me know where the files went. I just found the two, attach and dds.txt. I believe these are correct now. So sorry. I really need help. My computer is running worse now that I've run these exe files. I think I deleted them. The cursor is very slow and processes are taking forever. DDS log reports below.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/13/2006 12:23:45 PM
    System Uptime: 2/19/2012 11:08:15 AM (10 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Amberine
    Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 141 GiB total, 92.827 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 1.519 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet Pro 8500 A909g
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet Pro 8500 A909g
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP2582: 2/3/2012 6:54:21 AM - System Checkpoint
    RP2583: 2/3/2012 11:12:42 AM - Removed VIPRE Internet Security.
    RP2584: 2/3/2012 12:24:19 PM - Installed Kaspersky Anti-Virus 2010.
    RP2585: 2/3/2012 8:24:50 PM - Software Distribution Service 3.0
    RP2586: 2/17/2012 6:50:00 PM - System Checkpoint
    RP2587: 2/18/2012 3:00:40 AM - Software Distribution Service 3.0
    RP2588: 2/19/2012 7:47:27 AM - System Checkpoint
    RP2589: 2/19/2012 12:36:17 PM - Configured ACS Hardcopy
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    8500A909_eDocs
    8500A909_Help
    8500A909g
    Actiontec Gateway
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.5 - CPSID_49013
    Adobe Acrobat 8.1.5 Professional
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Amazon Seller Desktop
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoStudio 5.5
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software Updater
    Bonjour
    BPD_DSWizards
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Carbonite Online Backup Setup
    Cda Product Service - shared component
    Cobian Backup 10
    Compatibility Pack for the 2007 Office system
    CoolSpeech 5.0 with Mary
    cp_LightScribeConfig
    cp_LightScribePlugin
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Critical Update for Windows Media Player 11 (KB959772)
    Customer Experience Enhancement
    DBXTriever 4.1
    Destinations
    DeviceDiscovery
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    ESET Online Scanner v3
    Fax
    ffdshow [rev 2527] [2008-12-19]
    Free 3GP Video Converter version 3.7.26.602
    Free Video Flip and Rotate version 1.8.12.602
    GdiplusUpgrade
    Google Chrome
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GPBaseService2
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Imaging Device Functions 14.0
    HP Officejet Pro 8500 A909 Series
    HP Solution Center 14.0
    HP Update
    HPProductAssistant
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InterVideo WinDVD Player
    iTunes
    J2SE Runtime Environment 5.0 Update 5
    Java(TM) 6 Update 17
    Java(TM) 6 Update 5
    Kaspersky Anti-Virus 2010
    Lernout & Hauspie TruVoice American English TTS Engine
    LightScribe 1.4.62.1
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.01
    Microsoft IntelliType Pro 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Money Plus
    Microsoft Money Shared Libraries
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft WSE 2.0 SP3
    Move Networks Media Player for Internet Explorer
    MSN
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.5
    muvee Reveal Seagate Edition
    MyDVD-VR Recorder
    Netscape Browser (remove only)
    Network
    NVIDIA Drivers
    OpenOffice.org Installer 1.0
    PC-Doctor 5 for Windows
    ProductContext
    PS2
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QuickConnect
    QuickTime
    Qwest Installer
    Qwest QuickAssist Desktop Tools
    Rapport
    RCA Detective™ 2.0.0.99
    RCA Digital Voice Manager 5.1.1.2
    RealPlayer
    Remove IntelliMover Demo
    Remove WeatherBug Installer
    Safari
    SAMSUNG USB Driver for Mobile Phones
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD-VR
    Sonic MyDVD Deluxe
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spybot - Search & Destroy
    Status
    Symantec Technical Support Web Controls
    TextSound
    Toolbox
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP (remove only)
    Verizon V CAST Media Manager
    VGA USB Camera
    VLC media player 1.0.5
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live installer
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WModem Driver Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/19/2012 3:48:03 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    2/19/2012 11:11:31 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2/19/2012 11:11:31 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/19/2012 11:11:30 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    2/19/2012 1:15:43 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    2/18/2012 3:35:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif ftsata2 iaStor IntelIde SBRE ViaIde
    2/14/2012 9:46:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif ftsata2 SBRE
    2/14/2012 9:46:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
    2/14/2012 9:46:59 AM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/14/2012 9:46:59 AM, error: Service Control Manager [7000] - The BitDefender Desktop Update Service service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Run by HP_Owner at 21:48:04 on 2012-02-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2263 [GMT -7:00]
    .
    AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Bitdefender Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Cobian Backup 10\cbVSCService.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\msfeedssync.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    {6d53ec84-6aae-4787-aeee-f4628f01010c}
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\hp_owner\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Cobian Backup 10] "c:\program files\cobian backup 10\Cobian.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
    StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\hp_owner\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177243704066
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    TCP: Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-2-3 315408]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2012-1-5 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-1 67584]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]
    R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-10 21520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340520]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
    S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\bitdefender\bitdefender 2012\updatesrv.exe" /service --> c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [?]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
    S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 530304]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-10-4 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
    S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-02-17 22:57:44 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 22:57:44 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-04 00:49:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 23:24:34 -------- d-----w- c:\program files\ESET
    2012-02-03 19:25:58 97961 ----a-w- c:\windows\system32\drivers\klick.dat
    2012-02-03 19:25:58 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2012-02-03 19:24:33 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
    2012-02-03 19:24:32 -------- d-----w- c:\program files\Kaspersky Lab
    2012-02-03 19:20:00 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
    2012-02-03 19:17:39 172523 ----a-w- c:\documents and settings\all users\application data\1328296496.bdinstall.bin
    2012-02-03 17:48:49 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
    2012-02-03 17:47:35 1249 ----a-w- c:\documents and settings\all users\application data\1328289714.240.bin
    2012-02-03 17:31:28 -------- d-----w- c:\documents and settings\hp_owner\application data\QuickScan
    2012-02-03 17:28:33 69417 ----a-w- c:\documents and settings\all users\application data\1328289714.3736.bin
    2012-02-03 17:28:33 -------- d-----w- c:\program files\Bitdefender
    2012-02-03 17:28:26 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.1384.bin
    2012-02-03 17:27:59 4510 ----a-w- c:\documents and settings\all users\application data\1328289714.2480.bin
    2012-02-03 17:27:14 6209 ----a-w- c:\documents and settings\all users\application data\1328289714.640.bin
    2012-02-03 17:27:14 1698 ----a-w- c:\documents and settings\all users\application data\1328289714.3816.bin
    2012-02-03 17:27:14 1670 ----a-w- c:\documents and settings\all users\application data\1328289714.3804.bin
    2012-02-03 17:27:14 10487 ----a-w- c:\documents and settings\all users\application data\1328289714.3700.bin
    2012-02-03 17:22:00 179008 ----a-w- c:\documents and settings\all users\application data\1328289714.2128.bin
    2012-02-03 17:21:58 14632 ----a-w- c:\documents and settings\all users\application data\1328289714.3928.bin
    2012-02-03 17:21:54 43518 ----a-w- c:\documents and settings\all users\application data\1328289714.496.bin
    2012-02-03 17:12:59 -------- d-----w- c:\program files\common files\Bitdefender
    2012-02-02 04:14:45 -------- d-----w- c:\documents and settings\hp_owner\application data\GFI Software
    2012-02-02 04:14:34 -------- d-----w- c:\documents and settings\all users\application data\GFI Software
    2012-02-02 04:13:07 -------- d-----w- c:\program files\GFI Software
    2012-01-25 17:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-25 20:59:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    .
    ============= FINISH: 21:49:00.23 ===============
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help you sort through this.

    One cause of problems is that you are running 2 antivirus programs:
    AV: Bitdefender Antivirus *Disabled/Outdated*
    AV: Kaspersky Anti-Virus *Disabled/Updated*

    Bit Defender may be outdated, but if you want to use Kaspersky, please remove Bitdefender.

    BitDefender Uninstall Tool
    For Internet Explorer:
    For Firefox:
    1. After the download completes go to the location where you downloaded and run (double-click) it;
    2. After a couple of moments the uninstall tool interface will appear;
    3. Click Uninstall;
    4. Wait for the tool to display the completion message and then restart your computer.
    ===========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================
    Try the Eset scan again using the following instructions:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Please describe the problems you are having. This will help me help you.
    Also, open Spybot S&D and empty their quarantine folder.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.

    Logs in next reply please.
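The first thing Bobbye pulls out of the DDS log above is a mechanical check: two antivirus products registered, one of them disabled and outdated. The same log also carries browser add-ons whose DLL is gone ("No File") and services whose binary cannot be found ("[?]"). The script below is an added example written for this thread, not a tool Bobbye or TechSpot uses; it parses only the three line shapes visible on this page, and its sample input is copied from log lines posted here.

```python
"""Triage helper for the DDS / ComboFix log lines posted in this thread.

Added example, not a tool used by the thread. It recognises three line shapes
from the logs above and pulls out what a helper checks first:
  AV:/FW: lines       -> which security products are registered and their state
  BHO:/TB:/EB: lines  -> browser add-ons whose DLL is gone ("No File")
  R*/S* service lines -> services whose binary cannot be found ("[?]")
The regexes are written against the formats visible on this page only.
"""
import re
from dataclasses import dataclass, field

# "AV: Kaspersky Anti-Virus *Enabled/Updated* {CLSID}"
PRODUCT_RE = re.compile(r"^(AV|FW|SP):\s*(.+?)\s*\*([^*]+)\*")
# "BHO: Name: {CLSID} - path"  or  "BHO: {CLSID} - No File"
ADDON_RE = re.compile(r"^(BHO|TB|EB):\s*(?:(.*?):\s*)?(\{[0-9A-Fa-f-]+\})\s*-\s*(.+)$")
# "S1 SBRE;SBRE;path --> path [?]"
SERVICE_RE = re.compile(r"^([RS][0-3])\s+([^;]+);([^;]*);(.+)$")


@dataclass
class Findings:
    products: list = field(default_factory=list)          # (kind, name, state)
    orphan_addons: list = field(default_factory=list)     # (kind, clsid)
    missing_services: list = field(default_factory=list)  # (start_type, name)


def parse_log(text: str) -> Findings:
    """Walk the log once; lines that match none of the shapes are ignored."""
    found = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if m := PRODUCT_RE.match(line):
            kind, name, state = m.groups()
            found.products.append((kind, name, state))
        elif m := ADDON_RE.match(line):
            kind, _name, clsid, target = m.groups()
            if target.strip() == "No File":
                found.orphan_addons.append((kind, clsid))
        elif m := SERVICE_RE.match(line):
            start, name, _desc, path = m.groups()
            if path.rstrip().endswith("[?]"):
                found.missing_services.append((start, name))
    return found


def issues(found: Findings) -> list:
    """Turn the findings into the short list of points a helper would raise."""
    out = []
    avs = [name for kind, name, _ in found.products if kind == "AV"]
    if len(avs) > 1:
        out.append("more than one antivirus registered: " + ", ".join(avs))
    for kind, name, state in found.products:
        if "Disabled" in state or "Outdated" in state:
            out.append(f"{kind} {name} is {state}")
    for kind, clsid in found.orphan_addons:
        out.append(f"{kind} {clsid} points at a file that no longer exists")
    for start, name in found.missing_services:
        out.append(f"service {name} ({start}) has no binary on disk")
    return out


# Sample input: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\bitdefender\bitdefender 2012\updatesrv.exe" /service --> c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [?]
"""

if __name__ == "__main__":
    for point in issues(parse_log(SAMPLE_LOG)):
        print(point)
```

An orphaned BHO or a service with no binary is not proof of infection on its own (a half-removed product leaves the same traces), which is why the output is a list to look at rather than a list to delete.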
  5. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Thank you!

    Thank you so much!! Nice to meet you. I'm sure you are very busy. Majorly appreciate the help. Before I begin, I have to tell you that I just started up my computer in safe mode because Malwarebytes or something kept freezing things up. I tried to stop it from running so I could see what was hogging my system in the files. It was on top but I couldn't stop it. I haven't run Bitdefender for ever. Forgot I had it. I don't do much in safe mode and I'm not sure everything works the same, so just checking with you so that I follow directions correctly. Can I uninstall Bitdefender and follow your instructions from safe mode? Currently I have that computer offline, too.
  6. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Ran fine after the GMER. But not after the dds

    After the GMER it ran great last night. But after running the DDS and then turning the computer off and back on... it hasn't been the same since. I uninstalled BitDefender from safe mode. I just restarted the computer in regular mode and was able to turn off Malwarebytes and turn on Kaspersky, but it's very slow in taking orders. On to the next step of your directions. I feel like perhaps the DDS didn't get uninstalled properly, but I can't find where it would be. I'm here working on this for another hour, then have to go out for a few meetings. Will be back later this afternoon. If you see this... let me know about running in safe mode. It seems easier and faster.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Safe Mode is appropriate in some instances, but not all. Some processes don't run in Safe Mode. This mode is not meant for convenience because it's easier and faster. If there is a problem running a particular scan, then we will address that.

    Yes, please go ahead and uninstall BitDefender. Although you may not be using it, there are processes running for it and this could cause a conflict that may make the system more vulnerable and slower.

    DDS is fine and uninstalling BitDefender should not have harmed the system. It is more likely that the malware is trying to protect itself.
    ==================================
    Please boot into Normal Mode and do the Combofix and Eset scans. I have a thought about which of the rogue programs is running, but Combofix will quarantine some of the entries. I will then have you use Safe Mode with Networking>>> but not yet!
  8. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Taking forever to accept commands in normal mode

    Kaspersky is only a trial version, so the annoying pop-up to buy keeps coming up and I have to wait until I can get it off. I also uninstalled Spybot just now in normal mode. Malwarebytes finally stopped running, too. I'm ready to check to see if I ever installed Combofix before installing that. It could take some time to even get into the control panel this way. I am connected to the internet at this point, until I download the Combofix, correct? Did anyone tell you that you were wonderful yet today? Thanks for holding my hand.
  9. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    I see the ESET installer from previous attempts

    I see the ESET installer from previous attempts in my download file.

    Should I delete them before running ESET?

    The autoscan is still running on the ComboFix so I ask this as I'm waiting for that to finish. It's on stage 4

    Thanks Bobbye.
  10. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Bitdefender did not remove apparently! What to do?

    My computer just rebooted as ComboFix is finishing its log report. A pop-up came up saying the Bitdefender firewall is turned off. I ran the uninstall as directed. Will I need to do this process again to be sure the ComboFix ran properly? I'm waiting for its report right now. In fact, Kaspersky and Malwarebytes came on automatically as well when the computer rebooted. ComboFix says don't run any programs until it has finished. What to do?
  11. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Combo Fix report below. But, should I re-do before ESET?

    ComboFix 12-02-19.02 - HP_Owner 02/20/2012 11:14:30.1.1 - x86
    Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Kaspersky Anti-Virus *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\1328289714.3700.bin
    c:\documents and settings\All Users\Application Data\1328289714.3928.bin
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Owner\Application Data\HPSU_48BitScanUpdate.log
    c:\documents and settings\HP_Owner\GoToAssistDownloadHelper.exe
    c:\documents and settings\HP_Owner\WINDOWS
    C:\Install.exe
    c:\windows\CdaC13BA.EXE
    c:\windows\CdaC14BA.DLL
    c:\windows\dasetup.log
    c:\windows\EventSystem.log
    c:\windows\HPCPCUninstaller-6.3.2.116-9972322.exe
    c:\windows\system32\351631
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\f
    c:\windows\system32\ps2.bat
    c:\windows\system32\SET15AF.tmp
    c:\windows\system32\SET15BB.tmp
    c:\windows\system32\SET15C4.tmp
    c:\windows\system32\SET15C5.tmp
    c:\windows\system32\SET15C6.tmp
    c:\windows\system32\SET15C9.tmp
    c:\windows\system32\setb0.tmp
    c:\windows\XSxS
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_Fax
    -------\Service_Fax
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-20 16:10 . 2012-02-20 16:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-04 00:49 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-03 23:24 . 2012-02-03 23:24 -------- d-----w- c:\program files\ESET
    2012-02-03 19:25 . 2012-02-03 19:41 97961 ----a-w- c:\windows\system32\drivers\klick.dat
    2012-02-03 19:25 . 2012-02-03 19:41 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2012-02-03 19:24 . 2012-02-20 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2012-02-03 19:24 . 2012-02-03 19:24 -------- d-----w- c:\program files\Kaspersky Lab
    2012-02-03 19:20 . 2012-02-03 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
    2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
    2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
    2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
    2012-02-03 17:28 . 2012-02-03 17:28 -------- d-----w- c:\program files\Bitdefender
    2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
    2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
    2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
    2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
    2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
    2012-02-03 17:12 . 2012-02-03 19:17 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
    2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
    2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-13 68856]
    "HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    "Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-05-19 421376]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-09 198160]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-08-27 45992]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2012-02-03 340520]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
    .
    c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
    RCA Detective.lnk - c:\documents and settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 5:49 PM 652360]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2012 5:49 PM 20464]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service --> c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [?]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/20/2012 9:10 AM 40776]
    S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
    S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe --> c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-20 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
    MSConfigStartUp-MaxMenuMgr - c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    MSConfigStartUp-Philips Intelligent Agent - c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe
    MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    MSConfigStartUp-SPC_Monitor - c:\windows\Philips\SPC230NC\Monitor.exe
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    AddRemove-CdaC13Ba - c:\windows\CdaC13BA.EXE
    AddRemove-RCA Detective™_is1 - c:\documents and settings\HP_Owner\My Documents\RCA Detective\unins000.exe
    AddRemove-RCA Digital Voice Manager_is1 - c:\documents and settings\HP_Owner\My Documents\RCA Digital Voice Manager\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-20 11:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2156)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\PAStiSvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Trusteer\Rapport\bin\RapportService.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-20 12:08:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-20 19:08
    .
    Pre-Run: 101,177,032,704 bytes free
    Post-Run: 101,554,049,024 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4EF4295EA913F8881CC86346B021EC71
     
  12. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    ESET will not get past step 2 Initialization. Error 2002

    In Google Chrome, I followed the steps to launch ESET scanner, I saved the link on my desktop, I checked the proper boxes and then clicked start. As in the past (and in IE) I get to this same place- step 2 and it says 100% then a red Unexpected error 2002 appears on top of the status bar. The note underneath the bar says: ESET online scanner has already been run on this computer in the past. Only files necessary to update the current version will be downloaded. Please let me know how to proceed. My computer is running much better after the combofix ran. Easier to get around and type. Not as slow. Malwarebytes is off. Kaspersky is on. My only choice now is to hit a back arrow key in the box or check the x at top to close. Let me know. I will leave it open until I hear back. Thanks!
  13. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    ESET scan will not finish. How do I continue clean?

    I've contacted ESET techs, but get no response for troubleshooting my problem. It runs fine on my other computer without a hitch. Any suggestions so I can finish cleaning out the threats on my computer? Thank you.
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Okay, here's the problem:

    You have installed and are currently running 3 antivirus programs:
    1. 2012-02-03 23:24 -------- d-----w- c:\program files\ESET
    2. 2012-02-03 19:24 -------- d-----w- c:\program files\Kaspersky Lab
    3. 2012-02-03 17:28 -------- d-----w- c:\program files\Bitdefender

    It appears they were all downloaded on the same day, 19 days ago. We need to get this down to 1 antivirus. If you want to get the Kaspersky subscription, you should update the Trial NOW then Update the program itself for the latest definitions.

    If you don't plan on keeping Kaspersky, uninstall it NOW. Download the archive kavremover.zip.
    • Unpack the archive (for example, using WinZip)
    • Double click on kavremover.exe
    • Enter the code from the picture. If you cannot read the code from the picture, click on the button next to the picture to generate a new code
      [o] The screen will display the products detected.
      [o] You can also select Remove all known products.
    • Click on the button Remove
      [​IMG]
    • Wait until a dialog window appears to inform you that the product was successfully removed
      [​IMG]
    • Click OK
    Images courtesy Kaspersky
    Even the trial should be uninstallable. If it is not: Go to Add/Remove Programs> Uninstall Kaspersky> then use Windows Explorer to access Computer> Local Drive (C)> Programs> Find the Kaspersky folder and do a right click> Delete.

    It appears that you may have downloaded the Eset program instead of the online scan. If that is the case, that's what's causing the problem. Follow the same uninstall directions I gave you for Kaspersky for Eset. IF you do not see it in Add/Remove Programs> open Tools in IE> Manage addons> Look in both sections: addons currently on system and addons previously on system> highlight and disable or remove Eset/Nod32 entry if present.

    If you want to keep Bit Defender, be sure it's updated. But you will need to disable it to run the Combofix scan:
    To temporarily disable BitDefender,you need to press the Settings button (upper right corner) and remove all checkmarks under all modules (Antivirus,Firewall,Antispam.. etc).
    Hit Apply and OK to save the changes.

    Reboot the computer when you finish fixing the multiple AV programs. Hold off on Eset for now:
    ========================================
    There are multiple entries to be removed from Combofix:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\drivers\klbg.sys
    c:\windows\system32\drivers\klim5.sys
    c:\windows\system32\drivers\klmouflt.sys
    DDS::
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    {6d53ec84-6aae-4787-aeee-f4628f01010c}
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVP"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-

    Clearjavacache::

    Driver::
    klbg
    klim5
    klmouflt
    IEVkbdBHO Class
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
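    The items Bobbye picks out of the ComboFix log above (Security Center told to stop monitoring, the XP firewall switched off, LimeWire whitelisted through it, the leftover SafeBoot\Minimal\SymEFA.sys entry, and more than one AV vendor's services on the box) can be checked mechanically. The script below is an added example, not part of the thread, not Bobbye's CFScript and not ComboFix's own code. It parses the REGEDIT4-style key blocks and the R/S service lines in the format ComboFix writes and flags those findings. The embedded log text is a constructed sample copied from the line formats shown in the thread; the P2P and AV keyword lists are my own assumptions, not anything ComboFix ships.

```python
"""Audit a ComboFix log excerpt for the weak spots called out in the thread.
Added example: not ComboFix output and not the helper's CFScript."""
import re

# Constructed sample; line formats copied from the log above, trimmed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2012 5:49 PM 652360]
S2 UPDATESRV;BitDefender Desktop Update Service;"c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service --> c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [?]
"""

# Illustrative keyword lists: my assumptions, not anything ComboFix ships.
P2P_MARKERS = ("limewire", "frostwire", "bearshare", "kazaa", "utorrent", "emule")
AV_VENDORS = {"kaspersky": "Kaspersky", "bitdefender": "Bitdefender",
              "eset": "ESET", "symantec": "Symantec", "norton": "Symantec"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DEFAULT_RE = re.compile(r"^@=(.*)$")
# Service lines: R = running / S = stopped at scan time, then the start-type digit.
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*)$")

def parse_registry(text):
    """Yield (key, [(name, value), ...]) per REGEDIT4-style block; a lone '.' ends a block."""
    key, values = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            if key is not None:
                yield key, values
            key, values = m.group(1), []
        elif key is None:
            continue
        elif m := VALUE_RE.match(line):
            values.append((m.group(1), m.group(2).strip()))
        elif m := DEFAULT_RE.match(line):
            values.append(("@", m.group(1).strip()))
        elif line == ".":
            yield key, values
            key, values = None, []
    if key is not None:
        yield key, values

def audit(text):
    f = {"monitoring_disabled": [], "firewall_disabled": False,
         "p2p_exceptions": [], "stale_safeboot": [], "av_vendors": set()}
    for key, values in parse_registry(text):
        k, vals = key.lower(), dict(values)
        # Security Center told to stop monitoring AV/firewall: the user is never warned.
        if "security center\\monitoring" in k and vals.get("DisableMonitoring", "").lower() == "dword:00000001":
            f["monitoring_disabled"].append(key)
        # XP firewall switched off for the standard (non-domain) profile.
        if k.endswith("firewallpolicy\\standardprofile") and vals.get("EnableFirewall", "").startswith("0"):
            f["firewall_disabled"] = True
        # Exceptions list; ComboFix doubles the backslashes, undo that for the report.
        if k.endswith("authorizedapplications\\list"):
            for name, _ in values:
                if any(p in name.lower() for p in P2P_MARKERS):
                    f["p2p_exceptions"].append(name.replace("\\\\", "\\"))
        # SafeBoot\Minimal entries normally read "Driver" or "Service"; an empty
        # default value is what an uninstalled product leaves behind.
        if "\\safeboot\\minimal\\" in k and vals.get("@") == '""':
            f["stale_safeboot"].append(key.rsplit("\\", 1)[-1])
    for raw in text.splitlines():
        if m := SERVICE_RE.match(raw.strip()):
            blob = (m.group("display") + " " + m.group("path")).lower()
            f["av_vendors"].update(v for marker, v in AV_VENDORS.items() if marker in blob)
    return f

def report(f):
    lines = ["Security Center monitoring disabled: " + k for k in f["monitoring_disabled"]]
    if f["firewall_disabled"]:
        lines.append("Windows Firewall is OFF for the standard profile")
    lines += ["P2P client allowed through the firewall: " + p for p in f["p2p_exceptions"]]
    lines += ["Stale SafeBoot entry (empty default value): " + s for s in f["stale_safeboot"]]
    if len(f["av_vendors"]) > 1:
        lines.append("More than one AV vendor registered: " + ", ".join(sorted(f["av_vendors"])))
    return lines

if __name__ == "__main__":
    print("\n".join(report(audit(SAMPLE_LOG))))
```

    To run it against a real log, replace SAMPLE_LOG with the contents of C:\ComboFix.txt. Malwarebytes is deliberately absent from AV_VENDORS: the thread counts ESET, Kaspersky and Bitdefender as the three resident antivirus products and treats Malwarebytes as a companion scanner, so it should not trip the multiple-AV warning.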
  15. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Do you have a link to a WinZip?

    Good evening Bobbye,
    Believe it...I don't have a WinZip or zip on this computer. Do you have a link to one that you like and is safe? Which Virus protector is best? I'm not sold on any but don't want one that's a big system hog. I uninstalled the bitdefender last night after seeing that it didn't work the first time. Thanks.
  16. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    2nd ComboFix ran -results below-What next?

    Good Morning! Waiting for my next set of orders, now.


    ComboFix 12-02-19.02 - HP_Owner 02/22/2012 1:31.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2497 [GMT -7:00]
    Running from: c:\documents and settings\HP_Owner\My Documents\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-22 07:36 . 2012-02-22 07:36 341547 ----a-w- c:\documents and settings\All Users\Application Data\1329894479.bdinstall.bin
    2012-02-22 07:29 . 2012-02-22 07:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Bitdefender
    2012-02-22 07:27 . 2012-02-22 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
    2012-02-22 07:11 . 2012-02-22 07:11 -------- d-----w- c:\program files\Bitdefender
    2012-02-22 07:08 . 2011-08-16 20:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2012-02-22 07:08 . 2011-10-27 21:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-02-22 06:57 . 2012-02-22 07:08 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-03 19:24 . 2012-02-22 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
    2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
    2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
    2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
    2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
    2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
    2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
    2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
    2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
    2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
    2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-19 00:15 . 2012-01-19 00:15 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-01-19 00:15 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-20_18.55.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-22 08:00 . 2012-02-22 08:00 16384 c:\windows\Temp\Perflib_Perfdata_758.dat
    + 2010-01-20 01:32 . 2010-01-20 01:32 85128 c:\windows\system32\drivers\bdvedisk.sys
    - 2005-06-25 05:32 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-06-25 05:32 . 2012-02-22 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-06-24 22:25 . 2012-02-22 07:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-06-24 22:25 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-06-24 22:25 . 2012-02-18 22:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-22 07:59 . 2012-02-22 07:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2012-02-03 17:48 . 2012-02-03 17:48 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
    + 2012-02-22 07:31 . 2012-02-22 07:31 2318848 c:\windows\Installer\192db4.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-13 68856]
    "HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2011-05-05 4950664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-09 198160]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-08-27 45992]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
    .
    c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
    RCA Detective.lnk - c:\documents and settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe [N/A]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [1/18/2012 5:15 PM 609984]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [1/23/2012 7:23 PM 50128]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 240184]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [1/18/2012 5:15 PM 446696]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
    S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-22 01:54
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3644)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-22 02:01:53
    ComboFix-quarantined-files.txt 2012-02-22 09:01
    ComboFix2.txt 2012-02-20 19:08
    .
    Pre-Run: 99,860,074,496 bytes free
    Post-Run: 100,059,688,960 bytes free
    .
    - - End Of File - - E1529B643AC4E20E09045407B9F64A33

    Bobbye, here's the quarantined-files.txt in case you need them, too. :)

    2012-02-22 08:58:20 . 2012-02-22 08:58:20 606 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MSMSGS.reg.dat
    2012-02-20 19:04:20 . 2012-02-20 19:04:20 2,116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RCA Digital Voice Manager_is1.reg.dat
    2012-02-20 19:04:19 . 2012-02-20 19:04:19 1,856 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-RCA Detective™_is1.reg.dat
    2012-02-20 19:04:17 . 2012-02-20 19:04:17 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-CdaC13Ba.reg.dat
    2012-02-20 19:03:43 . 2012-02-20 19:03:43 636 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SpybotSD TeaTimer.reg.dat
    2012-02-20 19:03:43 . 2012-02-20 19:03:43 592 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SPC_Monitor.reg.dat
    2012-02-20 19:03:43 . 2012-02-20 19:03:43 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-RoxWatchTray.reg.dat
    2012-02-20 19:03:42 . 2012-02-20 19:03:42 746 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Philips Intelligent Agent.reg.dat
    2012-02-20 19:03:42 . 2012-02-20 19:03:42 670 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MaxMenuMgr.reg.dat
    2012-02-20 19:03:41 . 2012-02-20 19:03:41 616 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-hpqSRMon.reg.dat
    2012-02-20 19:03:40 . 2012-02-20 19:03:40 726 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BlackBerryAutoUpdate.reg.dat
    2012-02-20 19:03:10 . 2012-02-20 19:03:11 142 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Weather.reg.dat
    2012-02-20 18:54:04 . 2004-04-30 13:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
    2012-02-20 18:30:50 . 2012-02-20 18:30:50 4,882 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Fax.reg.dat
    2012-02-20 18:30:50 . 2012-02-20 18:30:50 766 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_Fax.reg.dat
    2012-02-20 18:26:53 . 2012-02-22 08:48:02 8,377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2012-02-20 18:02:25 . 2012-02-22 08:25:52 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2012-02-03 17:27:14 . 2012-02-03 17:27:21 10,487 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\1328289714.3700.bin.vir
    2012-02-03 17:21:58 . 2012-02-03 17:47:35 14,632 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\1328289714.3928.bin.vir
    2010-08-13 09:25:05 . 2010-10-15 09:21:08 3,916 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\EventSystem.log.vir
    2010-05-18 04:45:38 . 2010-05-18 04:47:23 1,532 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\f.vir
    2008-01-21 00:50:02 . 2008-01-21 00:50:02 61,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\GoToAssistDownloadHelper.exe.vir
    2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\Install.exe.vir
    2007-05-10 18:40:37 . 2007-05-10 18:40:38 19,441 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\dasetup.log.vir
    2006-10-19 03:47:22 . 2006-10-19 03:47:22 2,450,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15BB.tmp.vir
    2006-10-19 03:47:18 . 2006-10-19 03:47:18 222,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15AF.tmp.vir
    2006-10-19 03:47:18 . 2006-10-19 03:47:18 33,792 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C5.tmp.vir
    2006-10-19 03:47:18 . 2006-10-19 03:47:18 37,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C6.tmp.vir
    2006-10-19 03:47:16 . 2006-10-19 03:47:16 321,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C4.tmp.vir
    2006-10-19 03:47:16 . 2006-10-19 03:47:16 175,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET15C9.tmp.vir
    2006-10-07 12:04:42 . 2006-10-07 12:04:40 30,720 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\CdaC13BA.EXE.vir
    2006-10-07 12:04:42 . 2006-10-07 12:04:40 112,128 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\CdaC14BA.DLL.vir
    2006-07-06 19:06:12 . 2006-07-06 19:06:15 2,100 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\HP_Owner\Application Data\HPSU_48BitScanUpdate.log.vir
    2006-04-06 12:36:42 . 2005-01-28 19:44:28 5,525,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\setb0.tmp.vir
    2006-03-08 12:20:49 . 2006-03-08 12:20:49 118,842 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe.vir
    2006-03-08 11:59:50 . 2004-10-25 22:17:56 90,112 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ps2.bat.vir

    NOTES and Questions TO YOU: While I was uninstalling and reinstalling Bitdefender, it asked me to uninstall Malwarebytes so it wouldn't conflict. I did that. The only defense I had on the system was the firewall that comes standard with Windows, apparently. Warning signs came on so it was disabled in its security center. The other programs, vp and spam, were already off. I didn't know the center even existed.
    Should I enable that now or ever? I don't see its program file to uninstall or delete it. Where is it hiding and under what name? Should I reinstall Malwarebytes? The mouse seems a little slow but the keyboard is working fine as long as I don't have anything open at the same time. I sure hope it worked this time. Took hours. I went to bed.
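An added example (it is not part of this thread and not a ComboFix or TechSpot tool): a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one posted above. It collects the Run/RunOnce entries and Startup-folder links and flags the two settings in that log a helper would want to see changed back, the standard-profile firewall being off ("EnableFirewall"= 0) and Security Center monitoring being disabled ("DisableMonitoring"=dword:00000001), plus a Startup link whose target ComboFix reported as [N/A] and a firewall exception for a peer-to-peer client. SAMPLE_LOG is constructed from entries shown in the log above; reading [N/A] as "no file found at the target" and the short P2P name list are assumptions of this example, not ComboFix rules.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix log and flag weakened
security settings.  Added example for this thread, not a ComboFix tool.
SAMPLE_LOG is constructed from entries shown in the posted log."""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-13 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
.
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\documents and settings\HP_Owner\My Documents\RCA Detective\RCADetective.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
LNK_RE = re.compile(r"^(.+?\.lnk) - (.+) \[([^\]]*)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
AUTH_RE = re.compile(r'^"(.+)"=$')

# Illustrative list only (an assumption of this example, not a ComboFix rule).
P2P_CLIENT_HINTS = ("limewire",)


@dataclass
class LoadingPoints:
    run_entries: List[Tuple[str, str, str, str, str]] = field(default_factory=list)
    startup_links: List[Tuple[str, str, str]] = field(default_factory=list)
    authorized_apps: List[str] = field(default_factory=list)
    monitoring_disabled: Dict[str, bool] = field(default_factory=dict)
    firewall_enabled: Optional[bool] = None


def parse_loading_points(text: str) -> LoadingPoints:
    """Walk the section line by line, tracking the current registry key or
    Startup folder, and collect the entries that matter for triage."""
    lp = LoadingPoints()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line.lower().endswith("\\startup\\"):
            key = line  # a Startup folder header such as ...\Programs\Startup\
            continue
        lkey = key.lower()
        if lkey.endswith("\\run") or lkey.endswith("\\runonce"):
            m = RUN_RE.match(line)
            if m:
                lp.run_entries.append((key, *m.groups()))
        elif lkey.endswith("authorizedapplications\\list"):
            m = AUTH_RE.match(line)
            if m:  # the log doubles backslashes in this list
                lp.authorized_apps.append(m.group(1).replace("\\\\", "\\"))
        elif "security center\\monitoring" in lkey:
            m = DWORD_RE.match(line)
            if m and m.group(1) == "DisableMonitoring":
                lp.monitoring_disabled[key] = int(m.group(2), 16) == 1
        elif lkey.endswith("firewallpolicy\\standardprofile"):
            m = FW_RE.match(line)
            if m:
                lp.firewall_enabled = m.group(1) != "0"
        else:
            m = LNK_RE.match(line)  # "<name>.lnk - <target> [<date size>|N/A]"
            if m:
                lp.startup_links.append((m.group(1), m.group(2), m.group(3)))
    return lp


def findings(lp: LoadingPoints) -> List[str]:
    """Return human-readable triage findings, most serious first."""
    out = []
    if lp.firewall_enabled is False:
        out.append("Windows Firewall standard profile is off (EnableFirewall=0)")
    for key, disabled in lp.monitoring_disabled.items():
        if disabled:
            out.append(f"Security Center monitoring disabled under {key}")
    for lnk, target, info in lp.startup_links:
        if info.upper() == "N/A":  # assumed here: ComboFix found no file at target
            out.append(f"Startup link {lnk} has no file at {target}")
    for app in lp.authorized_apps:
        if any(h in app.lower() for h in P2P_CLIENT_HINTS):
            out.append(f"Firewall exception for a peer-to-peer client: {app}")
    return out


if __name__ == "__main__":
    # Usage: python cf_loading_points.py [ComboFix.txt]; defaults to the sample.
    text = SAMPLE_LOG
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    for f in findings(parse_loading_points(text)):
        print("FINDING:", f)
```

Run against a saved ComboFix.txt it prints one FINDING line per item; on the sample it reports the disabled firewall, the disabled Security Center monitoring, the RCA Detective link with no target file, and the LimeWire exception. Anything else in the section (the msconfig\startupreg and startupfolder backup keys, the SafeBoot entries) is ignored rather than misread.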
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run the CFScript I set up to run through ComboFix in Reply #14.
  18. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    I need more instruction

    I thought I did run that, Bobbye. I dragged the txt file and dropped it into the exe file and it started the ComboFix run. What did I do wrong? I've never been a good drag-and-dropper. Could you explain it to this newbie? Thanks, and I'll try it again.
  19. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    It's in there.

    The exe file says the txt file is already there. When I go to drag it in again, it says "Do you want to replace an existing file?" Then it asks if I want to run it. What am I doing wrong?
  20. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Tried again

    This time the txt file actually disappeared when I dragged and dropped it into ComboFix. I'm sorry to be so lame. I don't understand why it said it was already there if it really wasn't. It's running now. I promise you are not wasting your time and I really do appreciate the time it takes to do all this.
  21. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Combo fix run number 3 txt file

    ComboFix 12-02-22.01 - HP_Owner 02/22/2012 16:53:39.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2517 [GMT -7:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .
    FILE ::
    "c:\windows\system32\drivers\klbg.sys"
    "c:\windows\system32\drivers\klim5.sys"
    "c:\windows\system32\drivers\klmouflt.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KLBG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-22 07:36 . 2012-02-22 07:36 341547 ----a-w- c:\documents and settings\All Users\Application Data\1329894479.bdinstall.bin
    2012-02-22 07:29 . 2012-02-22 07:29 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Bitdefender
    2012-02-22 07:27 . 2012-02-22 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
    2012-02-22 07:11 . 2012-02-22 07:11 -------- d-----w- c:\program files\Bitdefender
    2012-02-22 07:08 . 2011-08-16 20:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2012-02-22 07:08 . 2011-10-27 21:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-02-22 06:57 . 2012-02-22 07:08 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-03 19:24 . 2012-02-22 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
    2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
    2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
    2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
    2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
    2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
    2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
    2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
    2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
    2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
    2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-19 00:15 . 2012-01-19 00:15 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-01-19 00:15 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-02-20_18.55.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-23 00:19 . 2012-02-23 00:19 16384 c:\windows\Temp\Perflib_Perfdata_924.dat
    + 2012-02-23 00:25 . 2012-02-23 00:25 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
    + 2010-01-20 01:32 . 2010-01-20 01:32 85128 c:\windows\system32\drivers\bdvedisk.sys
    + 2005-06-25 05:32 . 2012-02-23 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-06-25 05:32 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-06-24 22:25 . 2012-02-23 00:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-06-24 22:25 . 2012-02-18 22:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2012-02-22 07:59 . 2012-02-23 00:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2005-06-24 22:25 . 2012-02-18 22:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-03 17:48 . 2012-02-22 07:31 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
    - 2012-02-03 17:48 . 2012-02-03 17:48 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
    + 2012-02-03 17:48 . 2012-02-22 07:31 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
    + 2012-02-22 07:31 . 2012-02-22 07:31 2318848 c:\windows\Installer\192db4.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
    path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
    backup=c:\windows\pss\RCA Detective.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HLBackupScheduler]
    2011-05-05 14:11 4950664 ----a-w- c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2006-07-07 23:15 600896 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
    2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [1/18/2012 5:15 PM 609984]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [1/23/2012 7:23 PM 50128]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 240184]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [1/18/2012 5:15 PM 446696]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
    S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
    .
    2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-22 17:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3736)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bitdefender\Bitdefender 2012\vsserv.exe
    c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\System32\PAStiSvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Trusteer\Rapport\bin\RapportService.exe
    c:\program files\Bitdefender\Bitdefender 2012\seccenter.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-22 17:52:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-23 00:52
    ComboFix2.txt 2012-02-22 09:01
    ComboFix3.txt 2012-02-20 19:08
    .
    Pre-Run: 108,592,693,248 bytes free
    Post-Run: 108,604,989,440 bytes free
    .
    - - End Of File - - 9B5DFE4A854EDD36E1280BB181AFC4B9
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    I made a coding error in one of the entries you ran through the CFFix, so I'll give you that part again. But there are some entries we need to recheck:

    We don't usually request the Qoobox file. However, in your case, seeing it permits me to advise you that there is a proper process for uninstalling Combofix - we do that at the end of cleaning. But it appears that Combofix has been run on this system in 2004, 2005, 2006, 2007, 2008, 2010 and the current 2/20.

    Since uninstalling Combofix also removes the backups and logs it creates, it means that the uninstalls were never done. Some of the files showing in the Qoobox still appear in the Combofix log, so here's what I'd like you to do:


    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    When done, use Windows Explorer (Windows key + E) to access Computer> Local Drive> Look on the C Drive and do a right click> Delete on any Combofix Directory (C:\Combofix)

    Now go down to Programs (still in Windows Explorer)> click on Programs> If there is a Combofix folder> do a right click> Delete.
    ========================================
    Reboot the computer
    =====================================
    Go back to my Reply #4 and pick up the Combofix download at this line:
    "Download Combofix from HERE or HERE and save to the desktop"

    Follow the direction to run the new scan. Leave the new log in your next reply.

    We're going to remove some of your 'old stuff' including old System Restore points that were infected. And by the way, did you know it appears you had an infected flash drive back in 2004??

    The only log you need to leave is the log from the new Combofix log. (I don't need the Qoobox log)
  23. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Code error -your codefix corrected version is missing

    Did you mean to include the corrected file for me to run the combo fix now? I don't see it here. I'll go ahead and clean off all the previous versions while I await your reply. Wow. No, I had no idea this program had been done in the past. It wasn't done by me! And, I didn't know about a flash drive issue either. I rarely use them ever. Thanks Bobbye.
  24. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Combo fix done again.

    Bobbye- this time I found all the hidden combo fix files, I hope! I even did extra searches to be sure I got everything with that word in it but who knows. I also deleted some lingering Norton files and folders from uninstalled programs that never deleted as I saw them in that doc and settings folder. Also, some old phone and camera folders and files that I don't own anymore.

    While running the scan an error pop-up came up saying PEV needs to close. I clicked OK. It continued without issue. Computer seems to be running fine. Keyboard fast and mouse responsive again. Here's the text file from the log. Maybe I should have waited for your correction file? I sure hope not. Thank you.

    ComboFix 12-02-23.01 - HP_Owner 02/23/2012 13:15:13.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2577 [GMT -7:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-23 to 2012-02-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 22:57 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-03 19:17 . 2012-02-03 19:17 172523 ----a-w- c:\documents and settings\All Users\Application Data\1328296496.bdinstall.bin
    2012-02-03 17:48 . 2012-02-03 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-02-03 17:47 . 2012-02-03 17:48 1249 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.240.bin
    2012-02-03 17:31 . 2012-02-03 17:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
    2012-02-03 17:28 . 2012-02-03 17:48 69417 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3736.bin
    2012-02-03 17:28 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.1384.bin
    2012-02-03 17:27 . 2012-02-03 17:28 4510 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2480.bin
    2012-02-03 17:27 . 2012-02-03 17:32 6209 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.640.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1698 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3816.bin
    2012-02-03 17:27 . 2012-02-03 17:30 1670 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.3804.bin
    2012-02-03 17:22 . 2012-02-03 17:48 179008 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.2128.bin
    2012-02-03 17:21 . 2012-02-03 17:33 43518 ----a-w- c:\documents and settings\All Users\Application Data\1328289714.496.bin
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\GFI Software
    2012-02-02 04:14 . 2012-02-02 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\GFI Software
    2012-02-02 04:13 . 2012-02-02 04:13 -------- d-----w- c:\program files\GFI Software
    2012-01-25 17:16 . 2012-01-25 17:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-19 00:15 . 2012-01-19 00:15 446696 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-01-19 00:15 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-01-12 16:53 . 2004-08-04 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2004-08-04 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-25 20:59 . 2011-11-25 20:59 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-01-24 1184640]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-09 136744]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-8 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^RCA Detective.lnk]
    path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\RCA Detective.lnk
    backup=c:\windows\pss\RCA Detective.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
    2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
    2009-08-15 19:39 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-15 17:53 136176 ----atw- c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
    2005-09-21 17:41 1605740 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-02 06:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2006-07-07 23:15 600896 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2006-07-07 23:14 576320 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    2005-02-02 22:44 61440 ----a-w- c:\hp\KBD\kbd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2006-11-03 17:01 319488 ----a-w- c:\windows\PixArt\Pac7311\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-08-02 15:30 7110656 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QwestTouchPointAgent]
    2010-08-27 03:59 45992 ----a-w- c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 11:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-04-13 00:53 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-12-09 20:21 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [1/18/2012 5:15 PM 609984]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [1/19/2010 6:32 PM 85128]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [1/5/2012 3:43 PM 228208]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [1/25/2012 10:16 AM 71440]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [6/1/2010 10:13 AM 67584]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [1/25/2012 10:16 AM 931640]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 11:02 AM 1213728]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [1/23/2012 7:23 PM 50128]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [11/25/2011 1:59 PM 240184]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [8/10/2011 8:43 PM 21520]
    S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [1/18/2012 5:15 PM 446696]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [11/17/2011 4:38 PM 63056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/4/2010 5:51 PM 135664]
    S3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [10/18/2005 10:48 AM 530304]
    S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [10/4/2009 4:45 PM 8576]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [1/25/2012 10:16 AM 56208]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [1/25/2012 10:16 AM 164112]
    S3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [10/14/2011 10:57 PM 307544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 18:37]
    .
    2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-05 00:50]
    .
    2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009Core.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1443124371-554635790-1783820382-1009UA.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-07 17:53]
    .
    2012-02-23 c:\windows\Tasks\User_Feed_Synchronization-{D0071EE4-C26E-4CD4-BCDB-A08837CC3708}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    DPF: {64CEA9F9-7116-4ECA-A905-FA3EA28BD0FE} - hxxp://www.tripadvisor.com/cab/wabparser.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-23 13:34
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1856)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-02-23 13:42:38
    ComboFix-quarantined-files.txt 2012-02-23 20:42
    .
    Pre-Run: 114,256,461,824 bytes free
    Post-Run: 114,238,099,456 bytes free
    .
    - - End Of File - - 03BD4EB8606BB92A27008BD43D7FA1A1
  25. lorilev

    lorilev Newcomer, in training Topic Starter Posts: 38

    Is it ok to turn off my computer while I await instructions?

    Hi Bobbye,
    I just wondered if it's alright to turn off the computer while I wait for your next scan instruction or do I need to leave it running. It's kind of noisy. Something with the fan. Thanks.