whenever i click a link that is provided after searching using any search engine (google, bing, etc.) i get redirected to either an advertising site or some other type of search tool. How do i fix this? thank you for the help
illusionx 0 Light Poster
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Hi and welcome to the Daniweb forums :).
==========
Please read; http://www.daniweb.com/forums/thread134865.html
illusionx 0 Light Poster
sorry...
this is the first time i ran Malwarebytes before i found your webstie:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4125
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/21/2010 11:36:28 PM
mbam-log-2010-05-21 (23-36-28).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 284758
Time elapsed: 4 hour(s), 33 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 11
Files Infected: 22
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\gamevance.linker (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1d22e9e4-f771-4b8d-aa68-ba04e8980e07} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a851c98a-6136-4b02-9ec7-22aaf33e7b97} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{da4b6a86-82e7-4a9e-abb9-3b225bc214a4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7370f91f-6994-4595-9949-601fa2261c8d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7370f91f-6994-4595-9949-601fa2261c8d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7370f91f-6994-4595-9949-601fa2261c8d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gamevance.linker.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FunWebProducts\Data\Compaq_Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts\Data\Compaq_Owner (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\A360 (Rogue.A360AntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Gamevance\gvtl.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FunWebProducts\Data\Compaq_Owner\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FunWebProducts\Data\Compaq_Owner\register.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FunWebProducts\Data\Compaq_Owner\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\vubyre.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Cookies\apufanopyw.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
this is after i found your website and followed the cleaning instructions:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4125
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5/22/2010 11:53:11 PM
mbam-log-2010-05-22 (23-53-11).txt
Scan type: Quick scan
Objects scanned: 5
Time elapsed: 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
this is the GMER One log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-23 11:12:47
Windows 5.1.2600 Service Pack 3
Running: ubee11i5.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uwlcraoc.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEB41DAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEB41D8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEB41DA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device -> \Driver\atapi \Device\Harddisk0\DR0 84CD1D01
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
this is the GMER Two log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-23 13:29:55
Windows 5.1.2600 Service Pack 3
Running: ubee11i5.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\uwlcraoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEB410C7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEB410B36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEB4110EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEB411014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEB41070C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEB410C10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEB41064C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEB4106B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEB410D30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEB4111B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEB410CF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEB410E70]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEB41DAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEB41D8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEB41DA24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP DAEB4110
PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP EB41DA28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP EB41D8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP EB419536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP EB41AEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP EB41DACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\system32\drivers\isapnp.sys entry point in ".rsrc" section [0xF7524014]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1156] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01F9000A
.text C:\WINDOWS\System32\svchost.exe[1156] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[1156] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89]
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1556] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device -> \Driver\atapi \Device\Harddisk0\DR0 84CD1D01
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\isapnp.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
this is the DDS.text:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 14:01:37.53 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.68 [GMT -5:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\ubee11i5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.imesh.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [AlcxMonitor] ALCXMNTR.EXE
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\compaq~1.you\startm~1\programs\startup\compaq~1.lnk - c:\program files\hewlett-packard\compaq organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\compaq~1.you\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\compaq~1.you\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\compaq_owner.your-d0f670b45a\my documents\rca detective\RCADetective.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\compaq~1.you\applic~1\mozilla\firefox\profiles\jp9bnab4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://compaq-desktop.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\compaq_owner.your-d0f670b45a\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-05-21 21:29:22 0 d-----w- c:\docume~1\compaq~1.you\applic~1\Malwarebytes
2010-05-21 21:28:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 21:28:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 21:28:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-21 21:28:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 02:51:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-07 16:00:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
==================== Find3M ====================
2010-05-23 02:12:28 3649 ----a-w- c:\windows\viassary-hp.reg
2010-04-28 21:52:27 304160 ----a-w- C:\PA207.DAT
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-09 09:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 22:28:38 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-05 03:06:18 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020420090205\index.dat
============= FINISH: 14:04:05.03 ===============
sorry, i don't know how to zip and attach the Attach.text
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Please download ComboFix by sUBs from HERE or HERE
- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run Combofix ONCE only!!
illusionx 0 Light Poster
sorry, i don't know what HJT is.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Sorry, I should have edited my canned reply. HJT = HijackThis.
Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
illusionx 0 Light Poster
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:26:33 PM, on 5/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.myitlab.com
O15 - Trusted Zone: *.pearsoncmg.com
O15 - Trusted Zone: *.pearsoned.com
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10750 bytes
combofix
ComboFix 10-05-23.05 - Compaq_Owner 05/23/2010 23:45:07.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.58 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\System\Uninstall
c:\windows\viassary-hp.reg
c:\windows\wiaservv.log
D:\Autorun.inf
Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.
2010-05-24 04:23 . 2010-05-24 04:23 -------- d-----w- c:\program files\Trend Micro
2010-05-22 21:06 . 2010-05-22 21:06 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sonic
2010-05-22 21:05 . 2010-05-22 21:05 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Leadertech
2010-05-22 04:25 . 2010-05-22 04:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-05-21 21:29 . 2010-05-21 21:29 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Malwarebytes
2010-05-21 21:28 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 21:28 . 2010-05-21 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-21 21:28 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-21 21:28 . 2010-05-21 21:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 15:01 . 2010-05-20 15:01 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-17 02:51 . 2010-05-17 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-07 16:00 . 2010-05-07 16:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 04:24 . 2010-05-24 04:24 388096 ----a-r- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-24 04:04 . 2009-12-25 21:26 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\LimeWire
2010-05-22 09:14 . 2010-05-22 09:14 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3dbc6db1-n\decora-sse.dll
2010-05-22 09:14 . 2010-05-22 09:14 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54c6488d-n\msvcp71.dll
2010-05-22 09:14 . 2010-05-22 09:14 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54c6488d-n\jmc.dll
2010-05-22 09:14 . 2010-05-22 09:14 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-54c6488d-n\msvcr71.dll
2010-05-22 09:14 . 2010-05-22 09:14 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3dbc6db1-n\decora-d3d.dll
2010-05-18 04:20 . 2009-03-23 18:11 -------- d-----w- c:\program files\Alwil Software
2010-05-17 19:23 . 2008-11-20 18:42 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Move Networks
2010-05-17 18:15 . 2009-09-19 20:19 143976 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Move Networks\uninstall.exe
2010-05-17 18:15 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-05-13 03:04 . 2008-10-31 23:12 -------- d-----w- c:\program files\PokerStars
2010-05-06 20:59 . 2009-03-23 18:11 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2009-03-23 18:11 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2009-03-23 18:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2009-03-23 18:11 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2009-03-23 18:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2009-03-23 18:11 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2009-03-23 18:11 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2009-03-23 18:11 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2009-03-23 18:12 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-04 19:06 . 2009-11-20 02:30 -------- d-----w- c:\program files\Yugioh Virtual Dueling
2010-04-28 21:52 . 2009-07-02 01:21 304160 ----a-w- C:\PA207.DAT
2010-04-24 05:11 . 2010-03-25 14:39 44 ----a-w- c:\windows\popcinfot.dat
2010-04-23 03:02 . 2010-04-23 03:02 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\U3
2010-04-21 22:28 . 2008-10-26 22:58 60000 -c--a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-18 17:59 . 2009-08-18 16:51 -------- d-----w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\GetRightToGo
2010-04-18 05:56 . 2009-08-18 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-18 05:55 . 2006-03-27 22:12 -------- d-----w- c:\program files\Microsoft Works
2010-04-15 05:21 . 2010-03-25 14:39 -------- d-----w- c:\program files\PopCap Games
2010-04-02 03:46 . 2010-04-02 03:46 503808 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-461b94d1-n\msvcp71.dll
2010-04-02 03:46 . 2010-04-02 03:46 499712 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-461b94d1-n\jmc.dll
2010-04-02 03:46 . 2010-04-02 03:46 61440 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3bf21e81-n\decora-sse.dll
2010-04-02 03:46 . 2010-04-02 03:46 348160 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-461b94d1-n\msvcr71.dll
2010-04-02 03:46 . 2010-04-02 03:46 12800 ----a-w- c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3bf21e81-n\decora-d3d.dll
2010-04-02 03:46 . 2006-03-27 21:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-02 03:45 . 2006-03-27 21:41 -------- d-----w- c:\program files\Java
2010-03-25 14:40 . 2010-03-25 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2010-03-25 14:39 . 2010-03-25 14:39 0 ----a-w- c:\windows\popcreg.dat
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 09:28 . 2008-12-03 03:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-01 22:28 . 2009-04-22 16:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-21 185872]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-16 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-27 27136]
c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2006-3-27 36864]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
RCA Detective.lnk - c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\RCA Detective\RCADetective.exe [2010-1-30 942592]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-3-27 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/20/2009 4:28 PM 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/23/2009 1:11 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/23/2009 1:11 PM 19024]
R3 PAC207;PC [email]Camer@;c:\windows\system32\drivers\PFC027.SYS[/email] [5/14/2007 11:26 AM 508288]
.
Contents of the 'Scheduled Tasks' folder
2010-05-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.imesh.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: myitlab.com
Trusted Zone: pearsoncmg.com
Trusted Zone: pearsoned.com
FF - ProfilePath - c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://compaq-desktop.aol.com/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/webResults.html?src=ffb&q=
FF - plugin: c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 00:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-05-24 00:19:47
ComboFix-quarantined-files.txt 2010-05-24 05:19
Pre-Run: 44,828,291,072 bytes free
Post-Run: 45,980,942,336 bytes free
- - End Of File - - AF6A7E109F1D454214AE94263F36D009
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
I will look closer when I get home from work but, FYI, in the stickies it recommends that all P2P software be un-installed or if you get re-infected, you run the risk of not receiving assistance in future.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Can you please do the following.
===============
Go to Add/Remove programs and uninstall the following, if present:
Viewpoint Manager,Viewpoint Media Player,Viewpoint Toolbar
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
===============
Scan with HijackThis and then place a check next to all the following, if present:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Startup: Compaq Organize.lnk = ?
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
folders...
C:\Program Files\Viewpoint
Search for...
ALCXMNTR.EXE
...using "Start | Search...".
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
Select the first option to run Windows in Safe Mode hit enter.
-
Reboot.
===============
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
==
Please let me know how your pc is now.
illusionx 0 Light Poster
Please let me know how your pc is now.
still slow because it seems that the hard drive is always running, but the problem seems to be fixed. thank you.
OTL.Txt-Notepad:
OTL logfile created on: 5/24/2010 9:10:45 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.69 Gb Total Space | 42.81 Gb Free Space | 63.24% Space Free | Partition Type: NTFS
Drive D: | 6.81 Gb Total Space | 0.35 Gb Free Space | 5.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/24 09:06:53 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/01 17:28:29 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/01 17:28:29 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/09 12:40:26 | 000,942,592 | ---- | M] (Audiovox Electronics Corp.) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\RCA Detective\RCADetective.exe
PRC - [2008/11/21 18:22:35 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/07/07 14:14:40 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/11/03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2006/03/27 17:20:47 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
========== Modules (SafeList) ==========
MOD - [2010/05/24 09:06:53 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/03/27 17:20:45 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\temp\IadHide5.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/01 17:28:29 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/06 10:18:06 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/01 16:36:23 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/15 15:45:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/05/14 11:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/16 18:40:48 | 000,037,248 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/10/20 18:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/09/30 13:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/08/29 17:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 23:35:00 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 43 C3 62 85 92 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.searchEnginesURL: "http://searchplugins.peersbros.com/"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://compaq-desktop.aol.com/"
FF - prefs.js..extensions.enabledItems: {4ea1ebf2-dd99-8481-808d-1ddb0f615659}:0.1.1
FF - prefs.js..extensions.enabledItems: {0AC54906-5413-4C81-B446-07929BC39C25}:0.7.1
FF - prefs.js..extensions.enabledItems: foof@foofme.com:1.2.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://search.imesh.com/webResults.html?src=ffb&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/21 18:23:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/27 10:42:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/04 14:37:09 | 000,000,000 | ---D | M]
[2009/12/25 16:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Extensions
[2009/12/25 16:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/24 00:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions
[2009/07/14 00:40:44 | 000,000,000 | ---D | M] (ArchView) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{0AC54906-5413-4C81-B446-07929BC39C25}
[2010/05/01 19:23:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/21 13:33:18 | 000,000,000 | ---D | M] (0fees.net Top-ADs Remover) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{4ea1ebf2-dd99-8481-808d-1ddb0f615659}
[2009/05/22 18:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\{dd7515c0-0820-4234-806b-74197fa5955c}(2)
[2009/05/22 18:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\firetorrent@radicalsoft(2).com
[2009/05/22 18:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\firetray@radicalsoft(2).com
[2010/05/01 19:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\foof@foofme.com
[2009/05/22 18:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\extensions\moveplayer@movenetworks(2).com
[2009/11/19 18:11:13 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\searchplugins\bing.xml
[2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla\Firefox\Profiles\jp9bnab4.default\searchplugins\iMeshWebSearch.xml
[2010/05/24 00:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/26 12:36:34 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/11/29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
O1 HOSTS File: ([2010/05/24 00:09:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: myitlab.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoncmg.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pearsoned.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 01:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/12/06 13:05:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/05/24 09:06:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
[2010/05/24 08:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\New Folder (2)
[2010/05/24 07:07:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/23 23:30:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/23 23:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/23 17:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/23 17:25:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/22 16:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Sonic
[2010/05/22 16:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Leadertech
[2010/05/21 23:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/05/21 16:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Malwarebytes
[2010/05/21 16:28:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/21 16:28:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/21 16:28:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/21 16:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/20 21:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/20 21:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/16 21:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/22 22:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\U3
[2010/04/21 17:34:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\Last Will and Testement of
[2010/04/01 22:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/25 09:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/03/25 09:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2010/03/15 12:03:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/03/05 18:36:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Image Zone Express
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/05/24 09:06:53 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\OTL.exe
[2010/05/24 07:51:30 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/05/24 07:27:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 07:27:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 07:26:55 | 468,242,432 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 07:26:15 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\ntuser.dat
[2010/05/24 07:25:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\ntuser.ini
[2010/05/24 00:10:23 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/24 00:09:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/17 16:29:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/17 13:13:02 | 001,794,456 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\MoveMediaPlayerWin_071701000002.exe
[2010/05/17 12:30:51 | 004,760,576 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/05/17 12:30:50 | 002,569,216 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/05/16 21:55:18 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/16 21:55:14 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/07 11:00:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 14:37:13 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/04 14:08:54 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/04 14:08:45 | 000,528,252 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 14:08:45 | 000,446,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 14:08:45 | 000,073,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:52:27 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 00:11:55 | 000,000,044 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2010/04/21 17:28:32 | 000,060,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/18 09:20:01 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/13 18:39:07 | 000,000,972 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/26 10:02:00 | 003,713,240 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\IconCache.db
[2010/03/25 09:39:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2010/03/23 00:49:49 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\machina gadget.dek
[2010/03/23 00:43:57 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\gadgets.dek
[2010/03/20 22:07:05 | 000,001,020 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\flamvell monarch.dek
[2010/03/20 10:30:19 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/20 10:22:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\iphist.dat
[2010/03/16 21:26:52 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/03/01 17:28:38 | 000,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/05/23 23:31:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 23:31:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/17 13:12:55 | 001,794,456 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\MoveMediaPlayerWin_071701000002.exe
[2010/05/16 21:55:18 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/07 11:00:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/25 09:39:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/03/25 09:39:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/03/23 00:49:49 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\machina gadget.dek
[2010/03/23 00:43:57 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\gadgets.dek
[2010/03/20 22:02:05 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\My Documents\flamvell monarch.dek
[2010/03/20 10:22:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop\iphist.dat
[2010/03/02 01:52:04 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/02/11 04:03:51 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/10 18:33:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2008/11/08 14:32:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2008/10/27 00:29:39 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/27 00:29:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/27 00:29:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/27 00:29:34 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/27 00:29:34 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/27 00:29:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/27 00:29:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/26 18:31:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008/10/26 10:00:30 | 000,019,698 | ---- | C] () -- C:\WINDOWS\uxety.dll
[2008/10/26 10:00:30 | 000,014,867 | ---- | C] () -- C:\WINDOWS\suwytob.dll
[2008/10/26 10:00:30 | 000,012,141 | ---- | C] () -- C:\WINDOWS\unec.sys
[2008/10/25 19:41:41 | 000,011,263 | ---- | C] () -- C:\WINDOWS\ucuc.dll
[2008/02/12 21:42:49 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/07 23:14:28 | 000,011,748 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/26 02:18:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/04 22:52:48 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/01/08 22:10:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/12/12 11:19:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/11/07 23:47:23 | 000,000,143 | ---- | C] () -- C:\WINDOWS\ALBUM.INI
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2006/08/19 14:50:20 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/03/27 17:47:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 17:24:49 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/27 17:19:27 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/27 17:19:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/27 17:17:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/27 17:15:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/27 17:03:15 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 17:01:35 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/27 16:55:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/27 16:37:31 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 16:34:08 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/27 16:34:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/27 16:33:43 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/01/09 18:28:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/06/15 16:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
========== LOP Check ==========
[2010/01/30 15:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2C4E
[2008/11/10 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/16 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/18 13:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2007/11/24 12:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Empyre Group
[2010/01/24 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/07/16 21:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/16 21:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/09/17 13:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2009/05/18 13:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/03/25 09:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/02/16 20:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/02/16 20:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/24 07:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/01/24 21:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/10/16 11:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/05/15 11:43:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2008/11/10 00:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\acccore
[2009/12/25 16:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\blinkx
[2009/12/25 16:52:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Coby Media Manager
[2008/12/12 23:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/14 00:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\CoreCodec
[2009/05/18 13:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\DriverCure
[2008/12/18 00:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\funkitron
[2010/04/18 12:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\GetRightToGo
[2010/03/05 18:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Image Zone Express
[2010/05/22 16:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Leadertech
[2010/05/24 07:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\LimeWire
[2009/04/30 11:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Netscape
[2008/11/02 16:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Skinux
[2009/12/25 16:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Titanium Gears
[2010/01/24 20:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\WildTangent
[2008/11/11 15:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\WinBatch
[2010/05/17 16:29:41 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/03 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/02/04 20:48:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/10/26 14:30:21 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
[2005/12/04 17:42:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/12/04 17:42:42 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
< End of report >
Extras.Txt-Notepad:
OTL Extras logfile created on: 5/24/2010 9:10:45 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
446.00 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.69 Gb Total Space | 42.81 Gb Free Space | 63.24% Space Free | Partition Type: NTFS
Drive D: | 6.81 Gb Total Space | 0.35 Gb Free Space | 5.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-D0F670B45A
Current User Name: Compaq_Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~4\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31220F55-4AA9-4386-83BA-F2CF5E91BB3C}" = PC CIF Camer@
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Sup
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands [emptytemp] [resethosts] [Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post log from this run.
==
Have you defragmented your HD lately?
illusionx 0 Light Poster
"Have you defragmented your HD lately?"
yeah, doesn't help. it does things like take 20mins to boot up or a minute or longer to start a program. the keyboard stops working sometimes and i need to reboot to get it working again (which doesn't always work the first time). the sound will stop working sometimes even though it says everything is working properly. idk. maybe it is just getting old...anyway...
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Application Data
User: Compaq_Owner
->Temp folder emptied: 429739805 bytes
->Temporary Internet Files folder emptied: 857097 bytes
->Java cache emptied: 51868743 bytes
->FireFox cache emptied: 71279854 bytes
->Flash cache emptied: 1633789 bytes
User: Compaq_Owner.YOUR-D0F670B45A
->Temp folder emptied: 932460 bytes
->Temporary Internet Files folder emptied: 1687621 bytes
->Java cache emptied: 73785659 bytes
->FireFox cache emptied: 77103108 bytes
->Google Chrome cache emptied: 9142975 bytes
->Flash cache emptied: 2527823 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 235389 bytes
->Temporary Internet Files folder emptied: 229510 bytes
->Flash cache emptied: 3050 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 14724 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 133346 bytes
%systemroot%\System32 .tmp files removed: 102417 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 173238 bytes
Total Files Cleaned = 688.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.5.0 log created on 05242010_212245
Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Temp\IadHide5.dll moved successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Temp\Z@R61.tmp moved successfully.
C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Temp\Z@R67.tmp moved successfully.
Registry entries deleted on Reboot...
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
When was the last time it was reformatted? If it's been a few years, that would not be helping.
Still, 20 minutes to boot seems a little excessive.
Once started, are there any processes in Task Manager using the cpu cycles?
illusionx 0 Light Poster
as far as i know it has never been reformatted. i don't actual know what that technically is let alone how to do it.
svchost runs a lot.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
There are always a few svchost.exe running. What I am after is if there are any processes that are using up cpu cycle time.
When you are doing nothing on the pc, the cpu usage should be down to near zero.
Reformatting is when you take the computer back to a clean install.
illusionx 0 Light Poster
How do i take it back to a clean install? system restore? or do i need windows? don't have the actual windows program. it came on the computer already.
illusionx 0 Light Poster
oh, the svchost takes up like 50-100 percent of the cpu sometimes.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
You need a Windows CD to reformat.
You are looking for a process that uses the cpu cycle time consistently.
Something else you can try is to go in to msconfig and disable programs there one at a time to see if pc response time improves.
illusionx 0 Light Poster
if you don't mind, how would i do that?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Go to Start | Run and type in msconfig and hit OK. Select the Startup Tab and uncheck (one at a time, then reboot after each one) installed programs until you either find a problem entry, or you reach the end.
illusionx 0 Light Poster
what do i not need at start up?
RECGUARD
HPBootOp
Remind_XP
HPWuSchd2
Monitor
AAWTray
jusched
qttask
Reader_sl
AdobeARM
avastUI
HP Digital Imaging Monitor
realsched
Compaq Connections
Kodak EasyShare software
LimeWire on Startup
RCA Dtective
i am thinking at least Kodak EasyShare software, LimeWire, RCA Detective. Or do i not really need any of those at start up?
Under the General tab, it automatically selects Selective Startup and at start up i get a message about this. is this ok?
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
Leave RECGUARD and avastUI for the moment. The others need to be done singly so that you can determine which, if any, are to blame.
Yes, you will get a startup message about the change made.
kristain 1 Junior Poster in Training Banned
All of these steps listed by kristain have all ready been followed. So this post has been edited by jholland1964
Edited by jholland1964 because: Removal of all ready completed steps. Unnecessary post.
jholland1964 commented: All of these steps have all ready been run in this thread. -1
jholland1964 650 Posting Expert Team Colleague Featured Poster
kristain;
I suggest that you read this FULL Thread. All of these steps that you have just asked the poster to do have all ready been requested by Crunchie and completed by the poster.
Edited by jholland1964 because: n/a
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.