Solved Unable to access internet

[chrisb39]

Hello,

I'm working on my nephew's HP Pavilion dv6700 laptop running Windows Vista Home Premium. Intermittently, he is unable to access the internet (is connected, but IE says there's no connection/doesn't display any pages). He's been doing system restores to work around this.

Yesterday, I was not able to access the internet via IE. I ran Avira free antivirus scan and an MBAM scan. It appeared to detect and quarantine several viruses/malware. Today I was able to access the internet via IE. I updated both applications and scanned again. I'd appreciate it if someone could review the results of the scans as outlined in the 8 steps post to make sure the computer is virus/malware free now. Following are the log files.

Thanks for your help!

Chris B.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6043

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/13/2011 4:49:38 PM
mbam-log-2011-03-13 (16-49-38).txt

Scan type: Quick scan
Objects scanned: 153613
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-13 17:14:28
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST9200827AS rev.3.BHA
Running: kzdiecp2.exe; Driver: C:\Users\Travis\AppData\Local\Temp\pwryipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Travis at 17:21:34.58 on Sun 03/13/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1990 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Travis\Desktop\Travis\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-12 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-12 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-12 61960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-12 19:20:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 19:20:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 19:14:54 -------- d-----w- c:\users\travis\appdata\roaming\Avira
2011-03-12 19:12:20 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-12 19:12:18 -------- d-----w- c:\program files\Avira
2011-03-12 19:12:18 -------- d-----w- c:\progra~2\Avira
2011-03-10 20:40:49 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-03-10 20:40:01 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-10 20:40:01 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-10 20:40:00 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-10 20:40:00 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-10 20:40:00 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-10 20:39:07 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-03-10 20:39:07 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-03-10 20:39:07 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-03-10 20:37:07 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2011-03-10 20:37:07 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
2011-03-10 20:37:07 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
2011-03-10 20:37:07 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2011-03-10 20:37:07 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2011-03-10 20:36:42 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-03-10 20:36:16 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-10 20:36:15 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-03-10 20:35:49 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2011-03-10 20:35:25 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-10 20:33:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-10 20:33:16 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-10 20:32:52 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-03-10 20:31:50 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-10 20:31:26 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-03-10 20:30:15 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-03-10 20:28:49 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-03-10 20:28:47 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-03-10 20:27:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-10 20:27:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-10 20:27:53 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-10 20:27:30 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-03-10 20:25:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-10 20:25:27 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-10 20:21:20 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-03-10 20:21:20 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-03-10 15:12:14 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-10 15:12:14 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-10 15:12:14 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-10 15:12:14 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-10 15:12:14 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-10 15:10:16 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-03-10 15:10:16 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-10 15:10:16 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-03-10 15:10:16 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-03-10 15:10:07 81920 ----a-w- c:\windows\system32\consent.exe
2011-03-10 15:09:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-10 15:08:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-03-10 15:08:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-10 15:08:46 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-10 15:07:10 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-10 15:07:08 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-10 15:06:56 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-10 15:06:50 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-10 15:05:17 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-03-09 22:08:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-03-09 22:08:20 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 22:08:19 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 22:08:19 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 22:08:19 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 22:08:17 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 22:08:17 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:01:55 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-04 04:24:26 247808 ----a-w- c:\windows\system32\shsvcs(1482).dll
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(967).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(625).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(625)(966).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(625)(1329).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(615).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(615)(1327).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(460).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(460)(965).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(460)(1326).dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf(1331).dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(973).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(629).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(629)(972).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(629)(1339).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(619).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(619)(1337).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(464).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(464)(971).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(464)(1336).dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(1341).dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(648).dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(413).dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(1073).dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(1073)(647).dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(1073)(412).dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(1073)(1003).dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32(1004).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(722).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(722)(1570).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(722)(1080).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(712).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(712)(1568).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(556).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(556)(1566).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(556)(1079).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(1574).dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(1082).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(706).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(706)(1524).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(706)(1056).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(696).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(696)(1522).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(540).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(540)(1520).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(540)(1055).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(1528).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(1058).dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:22:03.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2009 1:34:00 PM
System Uptime: 3/13/2011 4:38:58 PM (1 hours ago)
.
Motherboard: Quanta | | 30CF
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 112.432 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.016 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 4.3
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Driver Detective
DVD Suite
EA Link
GEAR driver installer for x86 and x64
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Junk Mail filter update
LabelPrint
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Slingbox Flash Tour
SlingPlayer
Synaptics Pointing Device Driver
The Sims™ Life Stories
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[chrisb39]

MBRCheck and ComboFix logs

Thanks for your quick reply! The computer continues to run ok; am able to use IE (although the last time I tested this, it said IE was no longer my default browser). Here are the logs you requested.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 155):
0x81C48000 \SystemRoot\system32\ntkrnlpa.exe
0x81C15000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80600000 \SystemRoot\system32\drivers\acpi.sys
0x80646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8064F000 \SystemRoot\system32\drivers\msisadrv.sys
0x80657000 \SystemRoot\system32\drivers\pci.sys
0x8067E000 \SystemRoot\System32\drivers\partmgr.sys
0x8068D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80690000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\system32\drivers\pciide.sys
0x806FA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80708000 \SystemRoot\System32\drivers\mountmgr.sys
0x80718000 \SystemRoot\system32\drivers\atapi.sys
0x80720000 \SystemRoot\system32\drivers\ataport.SYS
0x8073E000 \SystemRoot\system32\drivers\fltmgr.sys
0x80770000 \SystemRoot\system32\drivers\fileinfo.sys
0x80780000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x80789000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82201000 \SystemRoot\system32\drivers\ndis.sys
0x8230C000 \SystemRoot\system32\drivers\msrpc.sys
0x82337000 \SystemRoot\system32\drivers\NETIO.SYS
0x89A0B000 \SystemRoot\System32\drivers\tcpip.sys
0x89AF5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89C0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x89D1C000 \SystemRoot\system32\drivers\volsnap.sys
0x89D55000 \SystemRoot\System32\Drivers\spldr.sys
0x89D5D000 \SystemRoot\System32\Drivers\mup.sys
0x89D6C000 \SystemRoot\System32\drivers\ecache.sys
0x89D93000 \SystemRoot\system32\drivers\disk.sys
0x89DA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x89DC5000 \SystemRoot\system32\drivers\crcdisk.sys
0x89DEE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x89C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x89B10000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x89DF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x89DFD000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x89B20000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x89B30000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x89B37000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x89C09000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x89B40000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x89B4A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x89B88000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x89B97000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x89BAF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x82372000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x89BB4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x89BC4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x89BD2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x89BEC000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x805D1000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8D80A000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8D85B000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8DC0B000 \SystemRoot\system32\DRIVERS\athr.sys
0x8DE08000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E54A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E5EA000 \SystemRoot\System32\drivers\watchdog.sys
0x8DCCC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E5F6000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8DCDF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8DCEA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E5FB000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8DD19000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DD24000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DD53000 \SystemRoot\system32\DRIVERS\storport.sys
0x8DD94000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DE00000 \SystemRoot\System32\Drivers\RootMdm.sys
0x8DD9F000 \SystemRoot\system32\drivers\modem.sys
0x8DDAC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DDC3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8DDCE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8DDF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D95C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D970000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8DC00000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8D985000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E5FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D995000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D9BF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D9C9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D9D6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8EA0B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EA40000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EA51000 \SystemRoot\system32\drivers\CHDART.sys
0x8EA81000 \SystemRoot\system32\drivers\portcls.sys
0x8EAAE000 \SystemRoot\system32\drivers\drmk.sys
0x8EAD3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8EE07000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8EF0A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8EFBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EFC8000 \SystemRoot\System32\Drivers\Null.SYS
0x8EFCF000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EFD6000 \SystemRoot\System32\drivers\vga.sys
0x8EB11000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EFE2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EFEA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EFF2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EB32000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EB40000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EB49000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EB5F000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EB73000 \SystemRoot\system32\drivers\afd.sys
0x8EBBB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D9DF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EBED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x805E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EE00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F005000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F041000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F04B000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F062000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F088000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F09F000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F0C0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F0CD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F0D8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96840000 \SystemRoot\System32\win32k.sys
0x8F0E0000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F0EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96A60000 \SystemRoot\System32\TSDDD.dll
0x96A80000 \SystemRoot\System32\cdd.dll
0x8F0F9000 \SystemRoot\system32\drivers\luafv.sys
0x8F114000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F129000 \SystemRoot\system32\drivers\spsys.sys
0x8F1D9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9B603000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9B62D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9B637000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B64A000 \SystemRoot\system32\drivers\HTTP.sys
0x9B6B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B6D4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B6ED000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B702000 \SystemRoot\system32\drivers\mrxdav.sys
0x9B723000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B742000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B77B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B793000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CC0C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CC72000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9CC76000 \SystemRoot\system32\drivers\peauth.sys
0x9CD54000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CD5E000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CD6A000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9CD74000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9CDA1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x777B0000 \WINDOWS\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
428 C:\WINDOWS\System32\smss.exe
560 csrss.exe
612 C:\WINDOWS\System32\wininit.exe
624 csrss.exe
656 C:\WINDOWS\System32\services.exe
672 C:\WINDOWS\System32\lsass.exe
680 C:\WINDOWS\System32\lsm.exe
728 C:\WINDOWS\System32\winlogon.exe
868 C:\WINDOWS\System32\svchost.exe
932 C:\WINDOWS\System32\nvvsvc.exe
960 C:\WINDOWS\System32\svchost.exe
1080 C:\WINDOWS\System32\svchost.exe
1104 C:\WINDOWS\System32\svchost.exe
1124 C:\WINDOWS\System32\svchost.exe
1196 C:\WINDOWS\System32\audiodg.exe
1216 C:\WINDOWS\System32\svchost.exe
1232 C:\WINDOWS\System32\SLsvc.exe
1272 C:\WINDOWS\System32\svchost.exe
1392 C:\WINDOWS\System32\svchost.exe
1576 C:\WINDOWS\System32\spoolsv.exe
1600 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1612 C:\WINDOWS\System32\svchost.exe
1808 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1864 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2000 C:\WINDOWS\System32\svchost.exe
2012 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
336 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
436 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1652 C:\WINDOWS\System32\svchost.exe
1792 C:\WINDOWS\System32\svchost.exe
308 C:\WINDOWS\System32\SearchIndexer.exe
1804 C:\WINDOWS\System32\drivers\XAudio.exe
2076 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
2508 C:\WINDOWS\System32\rundll32.exe
3516 C:\WINDOWS\System32\taskeng.exe
3544 C:\WINDOWS\System32\dwm.exe
3588 C:\WINDOWS\explorer.exe
3784 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3792 C:\Program Files\HP\QuickPlay\QPService.exe
3804 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3824 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
3924 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
4020 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
4028 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
4036 C:\Program Files\Java\jre6\bin\jusched.exe
4088 C:\WINDOWS\System32\rundll32.exe
852 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
956 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
864 C:\Program Files\Windows Sidebar\sidebar.exe
2516 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2656 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
2668 C:\WINDOWS\ehome\ehtray.exe
1836 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2540 C:\Program Files\Windows Media Player\wmpnscfg.exe
1352 WmiPrvSE.exe
1052 C:\WINDOWS\ehome\ehmsas.exe
2756 C:\Program Files\Windows Media Player\wmpnetwk.exe
3148 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
3096 C:\WINDOWS\System32\svchost.exe
3240 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2796 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2248 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3896 C:\WINDOWS\System32\wuauclt.exe
2492 C:\Users\Travis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002b`a1b47e00 (NTFS)

PhysicalDrive0 Model Number: ST9200827AS, Rev: 3.BHA

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ComboFix 11-03-12.01 - Travis 03/13/2011 20:05:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1660 [GMT -5:00]
Running from: c:\users\Travis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}
c:\users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}\chrome.manifest
c:\users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}\chrome\content\_cfg.js
c:\users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}\chrome\content\overlay.xul
c:\users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}\install.rdf
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 01:11 . 2011-03-14 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-12 19:20 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-12 19:20 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 19:14 . 2011-03-12 19:14 -------- d-----w- c:\users\Travis\AppData\Roaming\Avira
2011-03-12 19:12 . 2011-01-10 20:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-12 19:12 . 2011-01-10 20:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 19:12 . 2011-03-12 19:12 -------- d-----w- c:\program files\Avira
2011-03-10 20:40 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-03-10 20:40 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-10 20:40 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-10 20:40 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-10 20:40 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-10 20:40 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-10 20:39 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-03-10 20:39 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-03-10 20:39 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-03-10 20:37 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-03-10 20:37 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-03-10 20:37 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-03-10 20:37 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-03-10 20:37 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-03-10 20:36 . 2010-12-31 13:57 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-03-10 20:36 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-10 20:36 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-03-10 20:35 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-10 20:35 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-10 20:33 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-10 20:33 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-03-10 20:32 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-03-10 20:31 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-10 20:31 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-03-10 20:30 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-03-10 20:28 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-03-10 20:28 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-03-10 20:27 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-10 20:27 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-10 20:27 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-10 20:27 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-03-10 20:25 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-10 20:25 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-10 20:21 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-03-10 20:21 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-03-10 15:12 . 2009-11-08 16:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-10 15:12 . 2009-11-08 16:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-10 15:12 . 2009-11-08 16:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-10 15:12 . 2009-11-08 16:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-10 15:12 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-10 15:10 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-10 15:10 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-03-10 15:10 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-03-10 15:10 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-03-10 15:10 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-03-10 15:09 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-10 15:08 . 2011-01-08 08:47 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-10 15:08 . 2011-01-08 06:28 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-03-10 15:08 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-03-10 15:07 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-10 15:07 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-10 15:06 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-10 15:06 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-10 15:05 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-03-09 22:08 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-09 22:08 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 22:08 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 22:08 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 22:08 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 22:08 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 22:08 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:01 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-04 04:24 . 2009-07-10 11:47 247808 ----a-w- c:\windows\system32\shsvcs(1482).dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(682).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(682)(1468).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(682)(1028).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(672).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(672)(1466).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(517).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(517)(1464).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(517)(1027).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(1472).dll
2011-01-21 16:35 . 2011-02-10 19:32 11586048 ----a-w- c:\windows\system32\shell32(1030).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(683).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(683)(1478).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(683)(1032).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(673).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(673)(1476).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(518).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(518)(1475).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(518)(1031).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(1479).dll
2011-01-21 16:35 . 2011-02-10 19:32 353280 ----a-w- c:\windows\system32\shlwapi(1033).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(967).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(625).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(625)(966).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(625)(1329).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(615).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(615)(1327).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(460).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(460)(965).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(460)(1326).dll
2011-01-20 16:06 . 2011-02-10 19:32 2873344 ----a-w- c:\windows\system32\mf(1331).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(973).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(629).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(629)(972).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(629)(1339).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(619).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(619)(1337).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(464).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(464)(971).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(464)(1336).dll
2011-01-20 16:04 . 2011-02-10 19:32 209920 ----a-w- c:\windows\system32\mfplat(1341).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(648).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(413).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(1073).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(1073)(647).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(1073)(412).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(1073)(1003).dll
2010-12-28 15:55 . 2011-01-28 00:47 413696 ----a-w- c:\windows\system32\odbc32(1004).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(722).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(722)(1570).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(722)(1080).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(712).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(712)(1568).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(556).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(556)(1566).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(556)(1079).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(1574).dll
2010-12-18 06:27 . 2011-02-10 19:32 916480 ----a-w- c:\windows\system32\wininet(1082).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(706).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(706)(1524).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(706)(1056).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(696).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(696)(1522).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(540).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(540)(1520).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(540)(1055).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(1528).dll
2010-12-18 06:26 . 2011-02-10 19:32 1210880 ----a-w- c:\windows\system32\urlmon(1058).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(948).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(608).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(608)(945).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(608)(1298).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(598).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(598)(1296).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(443).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(443)(944).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(443)(1294).dll
2010-12-18 06:22 . 2011-02-10 19:32 1991680 ----a-w- c:\windows\system32\iertutil(1306).dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-23 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2009-04-23 c:\windows\Tasks\HPCeeScheduleForTravis.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-02-03 19:58]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{169CDE16-A8A9-40C9-ACA6-67ABADA1EC52}.job
- c:\windows\system32\msfeedssync.exe [2011-03-10 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-13 20:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-13 20:13:43
ComboFix-quarantined-files.txt 2011-03-14 01:13
.
Pre-Run: 121,923,031,040 bytes free
Post-Run: 121,435,164,672 bytes free
.
- - End Of File - - 0E4F2D22553E294997F48358406F3AB3

 

[Broni]

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

 

[chrisb39]

Results of ESET scan

Here are the results of the ESET online scan:

C:\Qoobox\Quarantine\C\Users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan

Chris

 

[Broni]

Cool

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\system32\shell32(682).dll
- c:\windows\system32\shlwapi(683).dll
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

=======================================================================

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[chrisb39]

VirusTotal scan results

Sorry if I copied too much - hope these are the results you wanted!

File name: shell32(682).dll
Submission date: 2011-03-14 22:27:27 (UTC)
Current status: queued (#8) queued analysing finished


Result: 0/ 43 (0.0%)


Antivirus Version Last Update Result
AhnLab-V3 2011.03.15.01 2011.03.14 -
AntiVir 7.11.4.200 2011.03.14 -
Antiy-AVL 2.0.3.7 2011.03.14 -
Avast 4.8.1351.0 2011.03.14 -
Avast5 5.0.677.0 2011.03.14 -
AVG 10.0.0.1190 2011.03.14 -
BitDefender 7.2 2011.03.14 -
CAT-QuickHeal 11.00 2011.03.14 -
ClamAV 0.96.4.0 2011.03.14 -
Commtouch 5.2.11.5 2011.03.14 -
Comodo 7981 2011.03.14 -
DrWeb 5.0.2.03300 2011.03.14 -
Emsisoft 5.1.0.2 2011.03.14 -
eSafe 7.0.17.0 2011.03.14 -
eTrust-Vet 36.1.8215 2011.03.14 -
F-Prot 4.6.2.117 2011.03.14 -
F-Secure 9.0.16440.0 2011.03.14 -
Fortinet 4.2.254.0 2011.03.14 -
GData 21 2011.03.14 -
Ikarus T3.1.1.97.0 2011.03.14 -
Jiangmin 13.0.900 2011.03.14 -
K7AntiVirus 9.93.4100 2011.03.14 -
Kaspersky 7.0.0.125 2011.03.14 -
McAfee 5.400.0.1158 2011.03.14 -
McAfee-GW-Edition 2010.1C 2011.03.14 -
Microsoft 1.6603 2011.03.14 -
NOD32 5953 2011.03.14 -
Norman 6.07.03 2011.03.14 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.14 -
PCTools 7.0.3.5 2011.03.11 -
Prevx 3.0 2011.03.14 -
Rising 23.49.00.06 2011.03.14 -
Sophos 4.63.0 2011.03.14 -
SUPERAntiSpyware 4.40.0.1006 2011.03.14 -
Symantec 20101.3.0.103 2011.03.14 -
TheHacker 6.7.0.1.149 2011.03.13 -
TrendMicro 9.200.0.1012 2011.03.14 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.14 -
VBA32 3.12.14.3 2011.03.14 -
VIPRE 8705 2011.03.14 -
ViRobot 2011.3.14.4356 2011.03.14 -
VirusBuster 13.6.249.3 2011.03.14 -
Additional informationShow all
MD5 : 33ae914c24f546aabf281ba7b138186d
SHA1 : 9467c16823168bb99899083450f1badfbd877690
SHA256: 1df08b2bbf9e8ceb610db6f3a521abff203ad8debedd316e57be80e90ebc04bd




0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: shlwapi(683).dll
Submission date: 2011-03-14 22:34:22 (UTC)
Current status: queued queued analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.03.15.01 2011.03.14 -
AntiVir 7.11.4.200 2011.03.14 -
Antiy-AVL 2.0.3.7 2011.03.14 -
Avast 4.8.1351.0 2011.03.14 -
Avast5 5.0.677.0 2011.03.14 -
AVG 10.0.0.1190 2011.03.14 -
BitDefender 7.2 2011.03.14 -
CAT-QuickHeal 11.00 2011.03.14 -
ClamAV 0.96.4.0 2011.03.14 -
Commtouch 5.2.11.5 2011.03.14 -
Comodo 7981 2011.03.14 -
DrWeb 5.0.2.03300 2011.03.14 -
Emsisoft 5.1.0.2 2011.03.14 -
eSafe 7.0.17.0 2011.03.14 -
eTrust-Vet 36.1.8215 2011.03.14 -
F-Prot 4.6.2.117 2011.03.14 -
F-Secure 9.0.16440.0 2011.03.14 -
Fortinet 4.2.254.0 2011.03.14 -
GData 21 2011.03.14 -
Ikarus T3.1.1.97.0 2011.03.14 -
Jiangmin 13.0.900 2011.03.14 -
K7AntiVirus 9.93.4100 2011.03.14 -
Kaspersky 7.0.0.125 2011.03.14 -
McAfee 5.400.0.1158 2011.03.14 -
McAfee-GW-Edition 2010.1C 2011.03.14 -
Microsoft 1.6603 2011.03.14 -
NOD32 5953 2011.03.14 -
Norman 6.07.03 2011.03.14 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.14 -
PCTools 7.0.3.5 2011.03.11 -
Prevx 3.0 2011.03.14 -
Rising 23.49.00.06 2011.03.14 -
Sophos 4.63.0 2011.03.14 -
SUPERAntiSpyware 4.40.0.1006 2011.03.14 -
Symantec 20101.3.0.103 2011.03.14 -
TheHacker 6.7.0.1.149 2011.03.13 -
TrendMicro 9.200.0.1012 2011.03.14 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.14 -
VBA32 3.12.14.3 2011.03.14 -
VIPRE 8705 2011.03.14 -
ViRobot 2011.3.14.4356 2011.03.14 -
VirusBuster 13.6.249.3 2011.03.14 -
Additional informationShow all
MD5 : 9176285122b7b849fec2aa1b72a8f7a8
SHA1 : a6fe9f5a38271eb8e0863e28a6cbd800d6f9ac69
SHA256: 9bccfa0bf9b797f2df30c320cab2db224858f29428fcde7bd104465a4b923173

 

[Broni]

Thanks

Go ahead with OTL.

 

[chrisb39]

OTL logfile

OTL logfile created on: 3/14/2011 5:45:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Travis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.53 Gb Total Space | 112.86 Gb Free Space | 64.67% Space Free | Partition Type: NTFS
Drive D: | 11.78 Gb Total Space | 2.02 Gb Free Space | 17.15% Space Free | Partition Type: NTFS

Computer Name: TRAVIS-PC | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/14 17:42:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
PRC - [2011/01/10 15:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 15:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 15:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/14 17:42:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/10 15:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 15:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 15:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 15:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/06 16:40:14 | 000,761,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
IE - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2011/01/27 20:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Extensions
[2011/01/27 20:03:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\otxmvzb8.default\extensions
[2011/01/27 20:03:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Travis\AppData\Roaming\Mozilla\Firefox\Profiles\otxmvzb8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/27 20:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/03/13 20:11:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Travis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Travis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 13:43:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/14 17:42:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
[2011/03/14 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Travis\Documents\OneNote Notebooks
[2011/03/14 10:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/13 20:13:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/13 20:13:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/13 20:03:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/13 20:03:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/13 20:03:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/13 20:03:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/13 20:03:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/13 20:03:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/13 12:12:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/12 14:20:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/12 14:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/12 14:20:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/12 14:14:54 | 000,000,000 | ---D | C] -- C:\Users\Travis\AppData\Roaming\Avira
[2011/03/12 14:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/03/12 14:12:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/03/12 14:12:20 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/03/12 14:12:20 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/03/12 14:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/03/12 14:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/03/12 14:09:10 | 000,000,000 | ---D | C] -- C:\Users\Travis\Desktop\Travis

========== Files - Modified Within 30 Days ==========

[2011/03/14 17:42:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe
[2011/03/14 17:34:48 | 000,001,111 | ---- | M] () -- C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/14 16:41:59 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/14 16:41:59 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/14 16:41:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/14 14:01:27 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/14 14:01:27 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/14 13:56:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 13:56:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/14 12:49:21 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{169CDE16-A8A9-40C9-ACA6-67ABADA1EC52}.job
[2011/03/14 11:58:06 | 000,000,258 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/03/14 11:56:43 | 3152,875,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 20:11:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/13 19:00:54 | 004,286,145 | R--- | M] () -- C:\Users\Travis\Desktop\ComboFix.exe
[2011/03/13 18:42:28 | 000,080,384 | ---- | M] () -- C:\Users\Travis\Desktop\MBRCheck.exe
[2011/03/13 16:40:08 | 000,354,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/12 14:20:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/12 14:12:35 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/03/09 18:37:22 | 000,000,236 | ---- | M] () -- C:\Users\Travis\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/03/14 17:34:48 | 000,001,111 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/03/13 20:03:53 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/13 20:03:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/13 20:03:53 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/13 20:03:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/13 20:03:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/13 19:51:12 | 004,286,145 | R--- | C] () -- C:\Users\Travis\Desktop\ComboFix.exe
[2011/03/13 19:51:12 | 000,080,384 | ---- | C] () -- C:\Users\Travis\Desktop\MBRCheck.exe
[2011/03/12 14:20:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/12 14:12:35 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/24 22:21:13 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 22:21:13 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 22:21:13 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/03/16 02:03:10 | 000,009,978 | -HS- | C] () -- C:\Users\Travis\AppData\Local\QJyrk5wvCU1
[2010/03/02 02:35:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/02 02:35:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/19 16:51:13 | 000,000,120 | ---- | C] () -- C:\Users\Travis\AppData\Local\Rvejij.dat
[2010/01/19 16:51:13 | 000,000,000 | ---- | C] () -- C:\Users\Travis\AppData\Local\Ljilebiyiniyet.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/11 17:20:51 | 000,000,236 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\wklnhst.dat
[2009/04/02 17:11:58 | 000,000,680 | ---- | C] () -- C:\Users\Travis\AppData\Local\d3d9caps.dat
[2009/03/21 22:55:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/21 22:04:17 | 000,027,430 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\nvModes.001
[2009/03/21 22:00:17 | 000,027,430 | ---- | C] () -- C:\Users\Travis\AppData\Roaming\nvModes.dat
[2009/02/03 14:40:43 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/02/03 14:36:59 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/02/03 13:58:25 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,354,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/08/21 19:55:50 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\iWin
[2010/02/03 02:20:19 | 000,000,000 | -HSD | M] -- C:\Users\Travis\AppData\Roaming\lowsec
[2009/03/22 12:51:12 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\MSNInstaller
[2009/03/24 14:53:49 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\muvee Technologies
[2010/01/25 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Research In Motion
[2009/04/11 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\Template
[2009/03/21 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Travis\AppData\Roaming\WildTangent
[2011/03/14 11:55:52 | 000,032,606 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011/03/14 12:49:21 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{169CDE16-A8A9-40C9-ACA6-67ABADA1EC52}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/02/03 13:43:48 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/03/14 11:56:43 | 3152,875,520 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/03 13:20:57 | 000,000,383 | -H-- | M] () -- C:\IPH.PH
[2011/03/14 11:56:41 | 3466,776,576 | -HS- | M] () -- C:\pagefile.sys
[2009/04/01 19:30:54 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/03/02 12:12:59 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/29 16:16:04 | 000,000,574 | -HS- | M] () -- C:\Users\Travis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/03/13 19:00:54 | 004,286,145 | R--- | M] () -- C:\Users\Travis\Desktop\ComboFix.exe
[2011/03/13 18:42:28 | 000,080,384 | ---- | M] () -- C:\Users\Travis\Desktop\MBRCheck.exe
[2011/03/14 17:42:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Travis\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/01/25 16:41:28 | 000,000,402 | -HS- | M] () -- C:\Users\Travis\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/02/03 13:59:21 | 000,000,371 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2011/03/14 16:41:59 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/16 19:44:38 | 000,009,978 | -HS- | M] () -- C:\ProgramData\QJyrk5wvCU1

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

 

[chrisb39]

OTL Extras logfile

OTL Extras logfile created on: 3/14/2011 5:45:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Travis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 174.53 Gb Total Space | 112.86 Gb Free Space | 64.67% Space Free | Partition Type: NTFS
Drive D: | 11.78 Gb Total Space | 2.02 Gb Free Space | 17.15% Space Free | Partition Type: NTFS

Computer Name: TRAVIS-PC | User Name: Travis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AF118897-2CEF-4A29-B974-0BE72D101346}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C57B808F-0021-4754-888F-89096426D37F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B10D723-D635-49E8-A484-7AECDC92B9D4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3F02FD65-A9DA-4DF0-874D-627712DBC091}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4E8F5B79-4214-47E9-A71D-0348D9773738}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{68EEAD35-5CCD-4B3A-A84D-718C92FDEEBA}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7E2EEF6B-EB50-4F7A-9FF7-5A65A1B6735E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{911D49F1-E09F-4B4C-9FE6-2DF3A0B57A85}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{94EEC6CD-7B25-4E9C-B4D4-765ECFCC8900}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9DCF867F-752A-4D62-90C9-2408FE9AD755}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B028734B-AF70-402E-963A-50F7F65D319D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B337E5A8-E99E-4B58-9D37-BD2D850C3179}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{BDB2A845-33D7-4B74-8DFE-381D7EDC40E0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C60767D5-A51C-4347-AA2D-7F51BC367F60}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E880EE20-3066-4729-BDB8-7118358AFA46}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ED0EAB05-C123-49F7-B807-7ADDD6855B8E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EDBA3164-1C93-45E9-B8A3-2032CA6D4EEC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{D793A12F-E362-48BB-B332-1DA5E936B52D}" = BlackBerry Desktop Software 4.3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/13/2011 3:57:42 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/13/2011 5:41:02 PM | Computer Name = Travis-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2011 5:41:12 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/13/2011 5:41:12 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/13/2011 7:11:23 PM | Computer Name = Travis-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2011 7:11:37 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/13/2011 7:11:37 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/13/2011 9:28:41 PM | Computer Name = Travis-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/13/2011 9:29:30 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/13/2011 9:29:30 PM | Computer Name = Travis-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 9/8/2010 4:56:48 PM | Computer Name = Travis-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 3/13/2011 9:48:33 PM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/14/2011 11:03:00 AM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2011 11:03:31 AM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/14/2011 11:03:31 AM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/14/2011 12:57:53 PM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2011 12:58:21 PM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/14/2011 12:58:22 PM | Computer Name = Travis-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/14/2011 1:01:33 PM | Computer Name = Travis-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001E68987295 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/14/2011 4:41:00 PM | Computer Name = Travis-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001E68987295 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/14/2011 5:43:51 PM | Computer Name = Travis-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 001E68987295 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

 

[Broni]

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

======================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
  O3 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
  O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
  O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
  O15 - HKU\S-1-5-21-2517896630-2968744582-3003371630-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
  O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
  [2010/03/16 02:03:10 | 000,009,978 | -HS- | C] () -- C:\Users\Travis\AppData\Local\QJyrk5wvCU1
  [2010/01/19 16:51:13 | 000,000,120 | ---- | C] () -- C:\Users\Travis\AppData\Local\Rvejij.dat
  [2010/01/19 16:51:13 | 000,000,000 | ---- | C] () -- C:\Users\Travis\AppData\Local\Ljilebiyiniyet.bin
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• IMPORTANT! UN-check Remove found threats
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[chrisb39]

latest scan logs

ESET online scan finally finished! No worries re: results reading - I've mostly been leaving that up to you all along. lol

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2517896630-2968744582-3003371630-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-2517896630-2968744582-3003371630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Travis\AppData\Local\QJyrk5wvCU1 moved successfully.
C:\Users\Travis\AppData\Local\Rvejij.dat moved successfully.
C:\Users\Travis\AppData\Local\Ljilebiyiniyet.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Travis
->Temp folder emptied: 27858074 bytes
->Temporary Internet Files folder emptied: 30470987 bytes
->Java cache emptied: 4049 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 180449 bytes

Total Files Cleaned = 56.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Travis
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03142011_184826

Files\Folders moved on Reboot...
C:\Users\Travis\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/3/2009 1:34:00 PM
System Uptime: 3/13/2011 4:38:58 PM (1 hours ago)
.
Motherboard: Quanta | | 30CF
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 175 GiB total, 112.432 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.016 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
Atheros Driver Installation Program
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 4.3
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
Driver Detective
DVD Suite
EA Link
GEAR driver installer for x86 and x64
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Junk Mail filter update
LabelPrint
LightScribe System Software 1.10.13.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
PSSWCORE
QuickPlay SlingPlayer 0.4.6
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Slingbox Flash Tour
SlingPlayer
Synaptics Pointing Device Driver
The Sims™ Life Stories
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
.
==== End Of File ===========================



Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 2
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


ESETScan
C:\Qoobox\Quarantine\C\Users\Travis\AppData\Local\{35C4D284-D8C0-45CD-82F9-8E6CCF6A52B7}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan

 

[Broni]

Uninstall Java(TM) 6 Update 2 .

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

=====================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Services
  
  :Reg
  
  :Files
  C:\SWSetup\AOLIMS\setup.exe
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

 

[chrisb39]

OTL logs

Here are the OTL logs:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\SWSetup\AOLIMS\setup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Travis
->Temp folder emptied: 34524 bytes
->Temporary Internet Files folder emptied: 7430629 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7915000 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Travis
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03152011_113150

Files\Folders moved on Reboot...
C:\Users\Travis\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Travis
->Temp folder emptied: 32797 bytes
->Temporary Internet Files folder emptied: 3267445 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Travis
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 03152011_114057

Files\Folders moved on Reboot...
C:\Users\Travis\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Final questions...
I was thinking about installing Firefox; do you have an opinion about that?

Every time I restart the computer, I get a message that Windows has blocked some startup programs. Do I need to be concerned about this and/or do anything about it?

Thanks so much for all your help!

Chris

 

[Broni]

There is always a good idea to have more, than one browser installed.
Firefox is what I use as my primary browser.

I get a message that Windows has blocked some startup programs. Do I need to be concerned about this and/or do anything about it?

I'd need more info.
What startups are being blocked?

 

[chrisb39]

startup programs

Here's the wierd thing. The message is displayed that startup programs have been blocked and an icon appears in the system tray that says "blocked startup programs", but when I click on it, there are no programs in the list that say they are blocked. There is a "run blocked programs" option. The only program listed there is MBAM. MBAM is in the list of startup programs & there's no disabled date listed by it...

Other than this, the computer seems to be running fine. I haven't used a lot of programs yet, but Word opens fine and the internet connection is working great!

Chris

 

[Broni]

Download, and install Quick Startup: http://www.glarysoft.com/qs.html
Go File>Export, save report, and paste it into your next post.

 

[chrisb39]

startup report

Here's the startup report. Thanks!

Startup List report created on 3/15/2011 by Startup Manager


Name: SynTPEnh
Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: QPService
Path: "C:\Program Files\HP\QuickPlay\QPService.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: OnScreenDisplay
Path: C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: UCam_Menu
Path: "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: hpqSRMon
Path: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Health Check Scheduler
Path: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: hpWirelessAssistant
Path: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: WAWifiMessage
Path: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvCplDaemon
Path: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: NvMediaCenter
Path: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HP Software Update
Path: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: RoxWatchTray
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: avgnt
Path: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Malwarebytes' Anti-Malware (reboot)
Path: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Sidebar
Path: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: LightScribe Control Panel
Path: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: WindowsWelcomeCenter
Path: rundll32.exe oobefldr.dll,ShowWelcomeCenter
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: HPAdvisor
Path: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: ehTray.exe
Path: C:\Windows\ehome\ehTray.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: MsnMsgr
Path: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: WMPNSCFG
Path: C:\Program Files\Windows Media Player\WMPNSCFG.exe
Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: Enabled
------------------------------------------------------------------------------------------

Name: Secunia PSI Tray
Path: C:\PROGRA~1\Secunia\PSI\psi_tray.exe
Location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------

Name: OneNote 2007 Screen Clipper and Launcher
Path: C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr
Location: C:\Users\Travis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Status: Enabled
------------------------------------------------------------------------------------------
Total 23 Items

 

[Broni]

Re-run the program and UN-check following unnecessary startups:

hpqSRMon
HP Health Check Scheduler
NvCplDaemon
HP Software Update
RoxWatchTray
Malwarebytes' Anti-Malware (reboot)
WindowsWelcomeCenter
HPAdvisor
MsnMsgr
WMPNSCFG
Secunia PSI Tray

Restart computer and report back on any issues.

 

[chrisb39]

Thanks!

That took care of the blocked startup program message and the computer seems to be working great. Thanks so much for your help!

Chris

 

[Broni]

Way to go!!

Good luck and stay safe