Everything posted by preconmanager

  1. When going to check on the DCOM issue with my Component Services Admin Tool I received a Windows Security Alert that Windows Firewall has blocked some features of this program, specifically has blocked this program from accepting connections from the Internet or a network. I have not yet proceeded with any action on this. I did go into MMC to see about the problem and received a message "RSoP data is invalid. Likely causes are, data is corrupt, data has been deleted or data has never been created." This message has not appeared before when going into MMC. The detail message says "Invalid namespace". Some strange things going on. Do I understand the MiniToolBox report correctly, that there are two IP configurations? I want to make note that I had renamed my IUSR and IWAM accounts recently. Now I can see why I could not see my Fixit scans in my Fixit Online account. It looks like they didn't get sent (MATS). There is something amiss in the DCOM.
  2. NOTE: After running this program I received a Windows Security Alert.
  3. Yes. I was not sure what TM was to do, so I went to their website, downloaded various programs and ran some scans (Anti Threat Toolkit, HouseCall, RootKitBuster, and HiJackThis). I retrieved some logs, others were locked by password. I did not get any malware readings from them. I did some more checking on why I couldn't get TM to report. I updated my I/O, TCP/IP and re-ran TM....still the same .txt result. But all this hasn't solved the main problem. Would you like to see the reports I got from Trend? Some are quite big in size. I didn't understand them because the info is all bunched together.
  4. I have uninstalled Bonjour where the mDNS derived. Still trying on Trend Micro. I am following TM instructions to the letter. After typing the notepad.exe to bring up the HOSTS file information, this is all I get: 127.0.0.1 localhost (in the TM example this is the second to last line). I do not see the information that TM says I should.
  5. I follow the instructions for the TM program. When prompting for the notebook view, I do not see the message (example) just one line at the top. My question: The TM program asks to stop the DNS cache, but I am seeing the mDNSResponder running during scans. Is there any correlation between DNS Cache and the mDNS Responder? I used TM then MBAM to scan, I will also run the TM and use MSE to scan. Any other suggested Anti-Mal? Can I try the rescue disks?
  6. Found a way to retrieve the results that I was given by BD
Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP58/A0033949.pif': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP58/A0033950.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP67/A0034292.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP68/A0034486.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP68/A0034471.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP68/A0034477.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP68/A0034478.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034529.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034540.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034543.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034544.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034575.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034577.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034578.lnk': Permission denied 
Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP69/A0034588.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP70/A0034622.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP71/A0035440.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP71/A0035443.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP72/A0035526.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP72/A0035935.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP72/A0035943.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP72/A0035946.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP72/A0035949.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP72/A0035950.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP73/A0035977.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036164.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036170.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume 
Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036171.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036173.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036205.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036207.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036208.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036229.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036230.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036231.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036637.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036639.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036643.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036644.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036645.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP74/A0036646.lnk': Permission denied 
Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036818.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036824.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036825.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036827.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036857.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036861.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036862.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036863.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036885.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036886.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036887.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036893.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0036895.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume 
Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037294.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037313.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037349.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037300.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037303.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037304.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037314.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037335.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037336.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037337.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037341.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037342.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037346.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037347.lnk': Permission denied 
Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037348.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP75/A0037357.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037640.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037784.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037790.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037791.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037793.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037795.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037796.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037797.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037818.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037819.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037820.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume 
Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037825.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037826.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037830.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037831.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037832.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037833.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037843.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037844.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037865.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037866.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0037867.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038270.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038272.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038276.lnk': Permission denied 
Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038277.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038278.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038279.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038286.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038287.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038308.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038309.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038310.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038312.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038313.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038319.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038321.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038322.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume 
Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038329.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038330.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038351.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038352.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038353.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038357.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP76/A0038320.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP8/A0022947.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP83/A0039492.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP93/A0040761.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP93/A0040764.lnk': Permission denied Failed to scan '/media/HP_PAVILION/System Volume Information/_restore{106CF321-99A3-4E3A-9103-1BD027606A99}/RP93/A0040771.lnk': Permission denied
  7. I have run BD twice. Once it gets to about 45 minutes of scan it stops and then shows the message I last posted. I recognize why some files did not scan, as they are the DDS, MBAM, MSE, SAS anti-mal log files. The remaining are System Volume Information/_restore files {numbers}/.pif and there are 61 listed. BD does not appear to "finish"; it stops and gives this info, then I have to try and close out of the program somehow. Now I am getting a nvsvc32.exe App Error message.
  8. I received the following message: "Threats may be present on your system". It gave a list of files that "Failed to scan: Permission denied". There is no option to print or save the results. I am given the option to "Resolve Issues" but it will not let me go to the "Results Summary". I will try and record manually. Please advise. BD identified some issues that I knew I had in my I/O (CD Drive) which I can work on, but these should not be creating my issues.
  9. Your link to Bitdefender is broken. I will try other sites, but first have to run for more blank CDs...
  10. Microsoft Management Console is where you access the Console Root, which is a compilation of Device Manager, IIS, Event Viewer, Registry and Folder activities. It is used to set various security permission configurations on Local and Group levels like Administrator, Guests, etc. to access and make changes to a lot of computer operations. At least that's the way I understand it. It has a "snap-in" tool to do security diagnostics on all those levels. I run a system security analysis, and it provides a report on that analysis, then I run the configuration utility and it works to modify security by program and I am provided another report on security status. Windows used to provide this in the secedit (security edit) command. I was finding various issues using MMC and seeing Internet permissions, file access, event viewer commands that I questioned that were similar to the symptoms I described to you with regard to virus activity. I have a few files that Windows cannot set security permissions on by program because of issues (unknown yet) in the files it finds. I can give you the log file of what it finds in analysis and then a log after configuration is completed. These analysis and configuration reports were quite lengthy when I started, but they grow smaller each time. I have not made many manual modifications to the Console, I am watching what MMC is doing.
  11. I still have the difficulties with the monitor, especially getting to the MSE and WDO Scan. I don't have any issues searching for anti-mal sites, just entering their site to download. So this status has not changed in a while, in fact it happened just a few minutes ago when I tried to download MSRT. I cannot get the K Rescue Disk to work. I am running MMC and trying to solidify my security, and this seems to be going well. Would you like to see if there is anything in my secedit file log that may give some insight?
  12. Only got a single report this time. Is that usual? Sorry, I wasn't sure which was the Windows Error section.
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2) DRV - [2005/03/09 12:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004/08/09 20:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004/08/09 20:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004/08/03 13:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) DRV - [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {580E20EE-5EC3-480C-8BB1-8065078D64D7} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{580E20EE-5EC3-480C-8BB1-8065078D64D7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\SOFTWARE\Microsoft\Internet
Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{11DBEFBC-BDD6-450B-836B-726914EE0A20}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=8W&apn_dtid=YYYYYYT2US&apn_uid=7180f432-45bd-4b15-8dc2-2f441849a123&apn_sauid=FC0FEDBC-D4B3-4DC5-B80B-29957050ED6A IE - HKCU\..\SearchScopes\{580E20EE-5EC3-480C-8BB1-8065078D64D7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enUS516 IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8ED78D72-5185-4E7A-BA8A-14F96E679640}&mid=dd84e028671247d19312d15e77eb6dc2-77ed74525ca4a002ea35700d50ae21a03af7db95&lang=en&ds=AVG&pr=pr&d=2012-12-09 14:18:08&v=13.3.0.17&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF -
prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "http://us.search.yahoo.com/search?fr=ytff-comodo&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll File not found FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 18:00:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/21 13:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions [2012/12/12 21:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nwhnc90v.default\extensions [2013/01/18 17:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/01/18 18:00:00 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/12/30 11:31:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/12/30 11:31:09 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://us.yahoo.com?fr=fpc-comodo CHR - homepage: http://us.yahoo.com?fr=fpc-comodo O1 HOSTS File: ([2013/01/26 09:09:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA3100\WNA3100.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} 
- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340928547156 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect121.cab (GMNRev Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (LogData Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E518782A-6667-464A-9A06-0CE54C8FA163}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F70B6B08-5B6D-4E73-A19F-A0A751D2F05B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\viprotocol - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/09 16:17:46 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/26 17:57:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/01/26 08:53:08 | 005,026,751 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe [2013/01/25 13:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\PCC [2013/01/24 14:45:14 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013/01/22 15:06:49 | 000,642,432 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys [2013/01/22 15:06:46 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) 
-- C:\WINDOWS\System32\drivers\npf.sys [2013/01/22 15:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard [2013/01/22 15:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR [2013/01/22 15:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield [2013/01/21 10:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\AppVerifierLogs [2013/01/21 10:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Application Verifier [2013/01/21 10:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier [2013/01/20 23:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem [2013/01/20 22:20:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent [2013/01/19 17:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Uninstaller Tool(Comodo Forums) [2013/01/19 01:02:27 | 000,141,640 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5DCF3DE2.sys [2013/01/18 23:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2013/01/18 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2013/01/18 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information [2013/01/18 23:34:09 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe [2013/01/18 23:11:51 | 000,000,000 | ---D | C] -- C:\RegBackup [2013/01/18 21:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware [2013/01/18 20:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2013/01/18 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility [2013/01/18 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/18 17:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming 
zone [2013/01/17 13:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\VSRevoGroup [2013/01/17 12:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/01/17 12:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Revo Uninstaller [2013/01/17 10:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\ACW [2013/01/17 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2013/01/17 08:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/17 08:32:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/01/16 07:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com [2013/01/15 15:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Search [2013/01/15 14:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search [2013/01/15 14:35:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll [2013/01/15 14:35:51 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll [2013/01/15 14:35:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll [2013/01/15 00:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2013/01/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2013/01/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/01/14 11:29:04 | 000,000,000 | ---D | C] -- C:\Samsung [2013/01/13 22:44:48 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll [2013/01/13 22:05:54 | 
000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE [2013/01/13 22:04:59 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2013/01/12 08:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2013/01/11 14:54:15 | 000,000,000 | ---D | C] -- C:\tdsskiller [2013/01/11 14:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine [2013/01/10 21:20:17 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013/01/10 13:30:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/01/10 13:30:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/01/10 13:30:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/01/10 13:30:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/01/10 13:29:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/10 13:29:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013/01/10 13:03:38 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/07 10:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\FixItCenter [2013/01/07 10:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS [2013/01/06 16:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Boot.ini File Copy [2013/01/06 11:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/01/06 00:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData [2013/01/06 00:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling [2013/01/06 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started [2013/01/06 00:17:46 | 000,000,000 | ---D | C] -- C:\swsetup [2013/01/05 17:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sonic [2013/01/05 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\HP_Administrator\My Documents\LUA Protocol [2013/01/05 14:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads [2013/01/04 18:46:01 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\FixitCenter_Run.exe [2013/01/04 18:39:35 | 000,000,000 | ---D | C] -- C:\MATS [2013/01/04 09:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2013/01/04 09:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/03 10:55:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2013/01/03 10:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2013/01/03 10:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WinUpdates [2013/01/02 20:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\A&ADemo [2013/01/02 20:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Atari [2013/01/02 20:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atari [2013/01/02 10:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\GeekBuddyRSP [2013/01/01 21:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer [2012/12/31 23:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun [2012/12/31 21:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/12/31 21:22:30 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/12/31 21:22:30 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/12/31 21:22:30 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/12/31 21:22:19 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/12/31 21:22:19 | 
000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/12/31 21:22:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/12/31 21:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/12/30 11:46:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Favorites [2012/12/29 18:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO [2012/12/29 18:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP [2012/12/29 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\COMODO [2012/12/29 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2012/12/29 18:01:07 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine [2011/11/25 12:52:11 | 068,771,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe [2011/04/29 20:21:39 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe [2011/04/14 07:24:16 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe [2011/04/04 11:25:21 | 287,796,859 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\aa_demo_setup.exe ========== Files - Modified Within 30 Days ========== [2013/01/27 17:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/27 13:30:01 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job [2013/01/27 01:59:49 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/01/27 00:37:13 | 000,016,948 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2013/01/26 23:55:55 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013/01/26 23:55:46 | 000,000,616 | -H-- | M] () -- 
C:\WINDOWS\tasks\ConfigExec.job [2013/01/26 23:54:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/26 23:54:37 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/01/26 18:14:28 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Hearts.lnk [2013/01/26 13:33:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/26 12:09:20 | 000,000,791 | ---- | M] () -- C:\WINDOWS\orun32.ini [2013/01/26 09:25:30 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut (2) to ComboFix.lnk [2013/01/26 09:09:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/01/26 08:53:23 | 000,000,588 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.lnk [2013/01/26 08:45:05 | 005,026,751 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe [2013/01/25 23:47:39 | 000,000,155 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Files named google.fnd [2013/01/24 07:54:12 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2003.lnk [2013/01/23 21:44:29 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk [2013/01/22 21:04:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/01/22 15:11:29 | 000,588,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/22 15:11:29 | 000,119,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/22 15:07:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2013/01/22 15:06:45 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2013/01/22 15:06:45 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk [2013/01/21 
  13. Do you recognize that any of those commands might be necessary? I cannot turn them off, or define their use (as you can in the Guest account, which is empty by the way). My only option is to delete them line by line if I wish. Would deleting them create problems? If I do delete, how will I find the ramifications? I might have found another access point, as there is another similar module called "Network Access: Shares that can be accessed anonymously". Its default is "None Specified" but has definitions as well. Both of these modules are in my local policy settings. Can these be accessed from "outside"? I haven't messed with the "IP Security Policies on Local Computer" as I am still reading up on this. The Console Root is showing no policy assigned? I am using the "Security Configuration and Analysis" function to analyze and configure my security settings and then I read the logs for missing file or mismatch. Each time I do this, my logs show those are being reduced. I try and save those logs, but when re-reading them in their saved location, somehow they are reverted (changed dates and info from previous point in time). In the latest configuration the report in Console Root view shows, "Configure Password information, LSA anonymous name setting, existing (string) Configure anonymous lookup setting, Guest account is disabled." (Guest is currently "disabled") Then it configured System Access successfully. In this same report I see a few files with description "Error setting security on (file name)". What could this be? Am I going in the right direction...can I be creating problems or playing into the virus' hand? I have a restore point set to return to if I do. I am really determined to find this "disease".
  14. I was searching through my MMC (MS Mgmt Console) for any issues I might question you about, specifically anything I saw relative to Network security access. In my Local Security Policy settings there was a module that opened up and is called "Network Access: Named pipes that can be accessed anonymously". It explains that "This security setting determines which communication sessions (pipes) will have attributes and permissions that allow anonymous access." The default is: None. I have six entries: COMNAP, COMNODE, SQL\QUERY, SPOOLSS, LLSRPC and browser. I was going to ask if I should set this back to default. Looked kind of suspicious to me also, and that is why I asked.
  15. Returned 0/46. The last one I copied and pasted from the program "came out weird"; is there any special trick? Question: I have "browser" listed in my Network Access named pipes that can be accessed anonymously. Is this usual?
  16. ComboFix 13-01-26.02 - HP_Administrator 01/26/2013 8:58.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.464 [GMT -8:00] Running from: c:\documents and settings\HP_Administrator\My Documents\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 10:54 AM 116608] R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 12:13 PM 38144] R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/9/2004 8:00 PM 14336] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [1/22/2013 3:06 PM 642432] R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568] S1 avgtp;avgtp;\??\c:\windows\system32\drivers\avgtpx86.sys --> c:\windows\system32\drivers\avgtpx86.sys [?] S1 MpKsl0132abf7;MpKsl0132abf7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\MpKsl0132abf7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D865110-D78B-47EC-B7BB-B6F5F0926788}\MpKsl0132abf7.sys [?] S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [?] S2 WSWNA3100;WSWNA3100;c:\program files\NETGEAR\WNA3100\WifiSvc.exe [1/22/2013 3:06 PM 285152] S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [11/21/2005 4:27 PM 21120] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys --> c:\windows\system32\DRIVERS\RTL8192su.sys [?] 
S3 SamsungMonitorFirmware;SamsungMonitorFirmware;c:\windows\system32\drivers\MFWCtwl.sys --> c:\windows\system32\drivers\MFWCtwl.sys [?] S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?] S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [5/23/2009 4:49 PM 627072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2012-07-02 23:40 453736 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 07:09] . 2013-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57] . 2013-01-26 c:\windows\Tasks\ConfigExec.job - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09] . 2013-01-26 c:\windows\Tasks\DataUpload.job - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09] . 2013-01-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 01:25] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.yahoo.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nwhnc90v.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p= . - - - - ORPHANS REMOVED - - - - . SafeBoot-23437648.sys AddRemove-LSI Soft Modem - c:\windows\agrsmdel . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-26 09:09 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{085326CB-51A3560A-05010003}] "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1696) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\program files\Box Sync\BoxIconOverlayHandler.dll c:\program files\Box Sync\BoxUtils.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\msdtc.exe c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\arservice.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Google\Update\GoogleUpdate.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE c:\windows\system32\tcpsvcs.exe c:\windows\System32\snmp.exe c:\windows\system32\mqsvc.exe c:\windows\system32\SearchIndexer.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\mqtgsvc.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\eHome\ehmsas.exe . ************************************************************************** . Completion time: 2013-01-26 09:12:45 - machine was rebooted ComboFix Qoobox-quarantined-files.txt 2013-01-26 16:34 ComboFix-quarantined-files.txt 2013-01-26 17:12 ComboFix2.txt 2013-01-11 05:54 . Pre-Run: 160,234,500,096 bytes free Post-Run: 160,248,852,480 bytes free . - - End Of File - - 50486FF10BA0DA944D8085147A1F2088
  17. Farbar Service Scanner Version: 16-01-2013
Ran by HP_Administrator (administrator) on 25-01-2013 at 22:06:31
Running from "K:\"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys [2004-08-09 20:00] - [2004-08-09 13:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bridge(9) BridgeMP(8) Gpc(6) IPSec(4) NetBT(5) NwlnkIpx(11) NwlnkNb(12) PSched(7) Tcpip(3) Tcpip6(10)
0x0D000000040000000100000002000000030000000A0000000D0000000E00000005000000060000000700000008000000090000000B000000
IpSec Tag value is correct.

**** End of log ****
  18. At conclusion of the scan, I was not prompted nor did I see any popup regarding found objects. I have files in C: now that I do not believe were on the original disk. I did not open because I do not recognize the file type: There is a "report" subfile with the following tree below. They are all small (up to 11KB) 00-DAT Files. 0A-DAT Files 01 through 09 Files with typical entries Detected.idx Detected.rpt 3 more DAT Files report.rpt There is a scanobject file under the main without a file type. The qb subfile is showing no files. Would you like me to "attach" these?
  19. I re-ran the disk but did not run the scan. In the menu before the scan, there is an update key which says "Database Status Out of Date" as of 1/19/13. Upon pressing the update button I got a malfunction notice that the "update source could not be found". I poked around and found the following notification "Start Objects Scan-completed 15730 days ago." This was on a page showing the date of 1/25/13. The internet connection was disconnected (lower right icon tray). I opened and found a notification menu and it said "unknown host www....(I've hidden)....com.". This program could not connect to the Internet for an update. I tried to record what I found with a screen shot, but could find no way to save it. I also tried to capture the page link, no luck. I could not find my file in the program cabinet, so the program didn't complete the copy to my C: files. A side note: When running this program I did experience some screen distortion (1 inch black screen obstruction horizontally one side to the other) at times.
  20. I'm not sure I saved correctly. I saved it just as you described with a .txt extension and now I cannot find it in my C:/ files and I did an internal search for it as well. If I cannot find it, should I rerun the scan?
  21. OK I have completed the scan. I see the file where I saved it. How do I send this file to you?
  22. SHA256: 244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708
SHA1: 881df4df08eeba9390ff6ffeff6a49aea73045bd
MD5: 21850af423e983904cd63d43a560387d
File size: 49.0 KB ( 50176 bytes )
File name: ARMCEX.DLL
File type: Win32 DLL
Detection ratio: 0 / 46
Analysis date: 2013-01-24 07:05:21 UTC ( 0 minutes ago )
Analysis: https://www.virustotal.com/file/244674bf981ffb657a9d4b60f060b3f9ce87d707d8243190949a6eddeff9a708/analysis/1359011121/

Antivirus              Result   Update
Agnitum                -        20130123
AhnLab-V3              -        20130123
AntiVir                -        20130124
Antiy-AVL              -        20130123
Avast                  -        20130124
AVG                    -        20130124
BitDefender            -        20130124
ByteHero               -        20130123
CAT-QuickHeal          -        20130123
ClamAV                 -        20130124
Commtouch              -        20130124
Comodo                 -        20130124
DrWeb                  -        20130124
Emsisoft               -        20130123
eSafe                  -        20130120
ESET-NOD32             -        20130123
F-Prot                 -        20130124
F-Secure               -        20130124
Fortinet               -        20130124
GData                  -        20130124
Ikarus                 -        20130124
Jiangmin               -        20121221
K7AntiVirus            -        20130123
Kaspersky              -        20130124
Kingsoft               -        20130121
Malwarebytes           -        20130124
McAfee                 -        20130124
McAfee-GW-Edition      -        20130124
Microsoft              -        20130124
MicroWorld-eScan       -        20130124
NANO-Antivirus         -        20130124
Norman                 -        20130123
nProtect               -        20130124
Panda                  -        20130123
PCTools                -        20130124
Rising                 -        20130124
Sophos                 -        20130124
SUPERAntiSpyware       -        20130124
Symantec               -        20130124
TheHacker              -        20130124
TotalDefense           -        20130123
TrendMicro             -        20130124
TrendMicro-HouseCall   -        20130124
VBA32                  -        20130123
VIPRE                  -        20130124
ViRobot                -        20130124
  23. I would like to take the quick way out but I do not have my Windows XP Professional CD anymore....or else I would have. Running virustotal....brb
  24. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/22 15:06:49 | 000,642,432 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwlhigh5.sys [2013/01/22 15:06:46 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll [2013/01/22 15:06:46 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll [2013/01/22 15:06:46 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys [2013/01/22 15:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard [2013/01/22 15:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR [2013/01/22 15:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield [2013/01/21 10:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\AppVerifierLogs [2013/01/21 10:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Application Verifier [2013/01/21 10:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier [2013/01/20 23:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem [2013/01/20 22:20:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent [2013/01/19 17:37:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Uninstaller Tool(Comodo Forums) [2013/01/19 01:02:27 | 000,141,640 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5DCF3DE2.sys [2013/01/18 23:46:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2013/01/18 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2013/01/18 23:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information [2013/01/18 23:34:09 | 000,290,304 | ---- | C] (Microsoft Corporation) -- 
C:\subinacl.exe [2013/01/18 23:11:51 | 000,000,000 | ---D | C] -- C:\RegBackup [2013/01/18 21:25:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware [2013/01/18 20:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2013/01/18 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\LightScribe Diagnostic Utility [2013/01/18 17:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/18 17:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone [2013/01/17 13:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\VSRevoGroup [2013/01/17 12:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/01/17 12:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Revo Uninstaller [2013/01/17 10:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\ACW [2013/01/17 09:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2013/01/17 08:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/17 08:32:25 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013/01/16 07:02:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com [2013/01/15 15:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Search [2013/01/15 14:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search [2013/01/15 14:35:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll [2013/01/15 14:35:51 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll [2013/01/15 14:35:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\mimefilt.dll [2013/01/15 00:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2013/01/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2013/01/15 00:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/01/14 11:29:04 | 000,000,000 | ---D | C] -- C:\Samsung [2013/01/13 22:44:48 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll [2013/01/13 22:05:54 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE [2013/01/13 22:04:59 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs [2013/01/12 08:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2013/01/11 14:54:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/01/11 14:54:15 | 000,000,000 | ---D | C] -- C:\tdsskiller [2013/01/11 14:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\RK_Quarantine [2013/01/10 21:20:17 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013/01/10 13:30:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/01/10 13:30:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/01/10 13:30:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/01/10 13:30:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/01/10 13:29:52 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/10 13:29:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013/01/10 13:03:38 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/07 10:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\FixItCenter [2013/01/07 10:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS [2013/01/06 16:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Boot.ini File Copy [2013/01/06 
11:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/01/06 00:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData [2013/01/06 00:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling [2013/01/06 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LS Getting Started [2013/01/06 00:17:46 | 000,000,000 | ---D | C] -- C:\swsetup [2013/01/05 17:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Sonic [2013/01/05 15:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\LUA Protocol [2013/01/05 14:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads [2013/01/04 18:46:01 | 000,450,352 | ---- | C] (Microsoft Corporation) -- C:\FixitCenter_Run.exe [2013/01/04 18:39:35 | 000,000,000 | ---D | C] -- C:\MATS [2013/01/04 09:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2013/01/04 09:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/03 10:55:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm [2013/01/03 10:54:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$ [2013/01/03 10:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\WinUpdates [2013/01/02 20:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\A&ADemo [2013/01/02 20:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Atari [2013/01/02 20:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Atari [2013/01/02 10:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\GeekBuddyRSP [2013/01/01 21:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer [2012/12/31 23:20:31 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Sun [2012/12/31 21:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/12/31 21:22:30 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/12/31 21:22:30 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/12/31 21:22:30 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/12/31 21:22:19 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/12/31 21:22:19 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/12/31 21:22:19 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/12/31 21:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/12/30 11:46:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Favorites [2012/12/29 18:16:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO [2012/12/29 18:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\GeekBuddyRSP [2012/12/29 18:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\COMODO [2012/12/29 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2012/12/29 18:01:07 | 000,000,000 | ---D | C] -- C:\CCE_Quarantine [2012/12/27 19:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IsolatedStorage [2012/12/27 19:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\HP [2012/12/27 15:53:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes [2012/12/27 14:28:50 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\HP_Administrator\SecurityScans [2012/12/27 14:04:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012/12/27 09:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Security [2012/12/25 18:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google [2011/11/25 12:52:11 | 068,771,184 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe [2011/04/29 20:21:39 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe [2011/04/14 07:24:16 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe [2011/04/04 11:25:21 | 287,796,859 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\aa_demo_setup.exe ========== Files - Modified Within 30 Days ========== [2013/01/23 21:44:29 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk [2013/01/23 21:30:27 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/01/23 21:30:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job [2013/01/23 21:21:02 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job [2013/01/23 21:20:59 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013/01/23 21:20:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/23 21:07:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/23 00:07:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/22 21:04:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/01/22 20:52:24 | 000,009,298 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2013/01/22 15:11:29 | 000,588,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/22 15:11:29 | 000,119,594 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/22 
15:07:36 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2013/01/22 15:06:45 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2013/01/22 15:06:45 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk [2013/01/21 12:37:57 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to dds.com.pif [2013/01/21 10:34:19 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Application Verifier.lnk [2013/01/21 00:10:13 | 000,001,125 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/01/21 00:10:13 | 000,001,107 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/20 23:19:52 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2013/01/20 23:19:45 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Security Essentials.lnk [2013/01/20 22:30:23 | 000,038,400 | ---- | M] () -- C:\WINDOWS\System32\pcdhdm.cpl [2013/01/19 23:09:00 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/19 23:09:00 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/19 16:48:22 | 000,004,819 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/01/19 16:44:48 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2013/01/19 16:44:47 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/01/19 16:44:40 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer 
Browser.lnk [2013/01/19 16:44:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2013/01/19 16:39:02 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/01/19 15:26:03 | 000,001,282 | RHS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.pol [2013/01/19 01:02:28 | 000,141,640 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\5DCF3DE2.sys [2013/01/18 23:49:16 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE [2013/01/18 23:42:57 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/01/18 23:42:31 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2013/01/18 23:42:31 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2013/01/18 21:05:50 | 000,001,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk [2013/01/18 20:56:22 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/01/18 20:56:22 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2013/01/18 20:53:41 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to LSDiagnosticUtility.exe.lnk [2013/01/17 13:29:47 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2013/01/17 12:04:01 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk [2013/01/16 06:41:09 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SUPERAntiSpyware.lnk [2013/01/15 14:37:29 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2013/01/11 16:34:58 | 151,469,960 | ---- | M] () -- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe [2013/01/10 21:50:04 | 
000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_188 [2013/01/10 21:20:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini [2013/01/10 13:20:46 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Excel 2003.lnk [2013/01/08 07:32:44 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Office Word 2003.lnk [2013/01/07 10:32:23 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2013/01/06 19:44:12 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb [2013/01/06 11:04:57 | 000,011,892 | ---- | M] () -- C:\WINDOWS\CUAppUsage.Dat [2013/01/05 21:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013/01/05 15:51:11 | 000,001,324 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\LUA Protocol.lnk [2013/01/04 18:46:01 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\FixitCenter_Run.exe [2013/01/03 22:32:49 | 000,027,678 | ---- | M] () -- C:\Program Files\CisReport_v6.0.260739.2674_20130103-223244.zip [2013/01/02 20:31:36 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Axis & Allies Demo.lnk [2013/01/02 08:13:50 | 000,008,404 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-081346.zip [2013/01/02 05:34:21 | 000,007,221 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-053412.zip [2013/01/01 20:24:14 | 000,007,215 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130101-202403.zip [2012/12/31 21:21:48 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012/12/31 21:21:46 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/12/31 21:21:46 | 000,779,704 | 
---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012/12/31 21:21:46 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/12/31 21:21:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/12/31 21:21:46 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/12/31 21:21:46 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/12/31 19:32:23 | 000,000,004 | ---- | M] () -- C:\WINDOWS\CSCCompactState [2012/12/31 18:26:24 | 000,000,280 | ---- | M] () -- C:\Boot.bak [2012/12/31 14:05:00 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Solitaire.lnk [2012/12/30 12:44:10 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2012/12/28 15:49:52 | 000,005,956 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/12/27 13:15:43 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Hearts.lnk [2012/12/26 12:32:00 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT ========== Files Created - No Company Name ========== [2013/01/23 21:44:29 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk [2013/01/22 20:25:20 | 000,009,298 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2013/01/22 15:06:46 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2013/01/22 15:06:45 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2013/01/22 15:06:45 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NETGEAR WNA3100 Smart Wizard.lnk [2013/01/21 12:37:57 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to dds.com.pif [2013/01/21 10:34:19 | 000,001,597 | ---- | C] () -- C:\Documents and 
Settings\HP_Administrator\Desktop\Application Verifier.lnk [2013/01/21 00:10:13 | 000,001,125 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/01/20 23:23:05 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Security Essentials.lnk [2013/01/20 23:19:45 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/01/20 15:21:41 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/01/19 16:44:48 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2013/01/19 16:44:47 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2013/01/19 16:44:02 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2013/01/19 16:44:02 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk [2013/01/18 21:05:50 | 000,001,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk [2013/01/18 20:56:22 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/01/18 20:56:22 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2013/01/18 20:56:22 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2013/01/18 20:53:41 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to LSDiagnosticUtility.exe.lnk [2013/01/18 17:02:05 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start 
Menu\Programs\Windows Messenger.lnk [2013/01/17 12:04:01 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Revo Uninstaller.lnk [2013/01/17 08:32:34 | 000,001,107 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/16 06:41:09 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SUPERAntiSpyware.lnk [2013/01/15 14:37:29 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk [2013/01/15 14:37:29 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2013/01/13 21:58:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/11 16:28:50 | 151,469,960 | ---- | C] () -- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe [2013/01/10 13:30:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/01/10 13:30:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/01/10 13:30:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/01/10 13:30:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/01/10 13:30:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/01/07 10:36:06 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job [2013/01/07 10:36:04 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job [2013/01/07 10:32:23 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Fix it Center.lnk [2013/01/07 10:32:23 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Fix it Center.lnk [2013/01/06 19:44:11 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb [2013/01/06 06:34:14 | 000,043,609 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb [2013/01/05 15:47:22 | 000,001,324 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\LUA Protocol.lnk [2013/01/03 22:32:47 | 000,027,678 | 
---- | C] () -- C:\Program Files\CisReport_v6.0.260739.2674_20130103-223244.zip [2013/01/02 20:31:36 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Axis & Allies Demo.lnk [2013/01/02 08:13:49 | 000,008,404 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-081346.zip [2013/01/02 05:34:20 | 000,007,221 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130102-053412.zip [2013/01/01 20:24:13 | 000,007,215 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CisReport_v6.0.260739.2674_20130101-202403.zip [2013/01/01 19:59:44 | 000,011,892 | ---- | C] () -- C:\WINDOWS\CUAppUsage.Dat [2012/12/31 19:27:27 | 000,000,004 | ---- | C] () -- C:\WINDOWS\CSCCompactState [2012/12/30 11:48:23 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/12/30 11:48:23 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk [2012/12/28 15:49:52 | 000,005,956 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/12/09 20:12:42 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\mmc.exe.config [2012/12/09 10:12:29 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2012/12/06 16:39:33 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/12/06 16:39:33 | 001,101,436 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/12/06 16:39:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/12/06 16:38:32 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/02/15 16:30:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/26 19:46:24 | 000,000,448 | ---- | C] () -- C:\Program Files\0126201219462482.bat [2012/01/06 17:22:47 | 000,000,079 | ---- | C] () -- 
C:\WINDOWS\EWF645.ini [2011/11/25 19:49:45 | 000,000,458 | ---- | C] () -- C:\Program Files\1125201119494514.bat [2011/11/25 13:33:00 | 000,042,836 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011/05/17 09:29:13 | 000,001,282 | RHS- | C] () -- C:\Documents and Settings\HP_Administrator\ntuser.pol [2011/05/15 19:10:29 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2011/05/15 19:10:29 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2011/05/15 19:10:28 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2011/05/15 19:10:28 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2011/05/15 19:10:28 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2011/05/15 19:10:28 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini [2011/04/16 13:59:30 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini [2011/04/16 13:59:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2011/04/16 13:58:13 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2009/05/23 15:06:03 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/05/23 14:55:22 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat ========== ZeroAccess Check ========== [2005/08/30 19:58:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 16:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/03/09 16:17:46 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT [2012/12/31 18:26:24 | 000,000,280 | ---- | M] () -- C:\Boot.bak [2013/01/10 21:20:23 | 000,000,326 | RHS- | M] () -- C:\boot.ini [2004/08/09 13:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2013/01/10 21:54:34 | 000,024,858 | ---- | M] () -- C:\ComboFix.txt [2005/08/30 20:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2013/01/04 18:46:01 | 000,450,352 | ---- | M] (Microsoft Corporation) -- C:\FixitCenter_Run.exe [2012/01/07 20:53:06 | 069,744,132 | ---- | M] () -- C:\hpWebHelper.log [2005/08/30 20:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005/08/30 20:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/09 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011/04/04 15:52:22 | 000,250,048 | RHS- | M] () -- C:\ntldr [2013/01/23 21:20:17 | 1506,803,712 | -HS- | M] () -- C:\pagefile.sys [2013/01/23 00:01:26 | 000,006,792 | ---- | M] () -- C:\resetlog.txt [2013/01/11 16:34:58 | 151,469,960 | ---- | M] () -- C:\setup_11.0.0.1245.x01_2013_01_12_03_36.exe [2013/01/19 11:27:39 | 000,066,282 | ---- | M] () -- C:\SIGNED.TXT [2013/01/19 11:27:39 | 000,092,506 | ---- | M] () -- C:\SIGVERIF.TXT [2004/06/11 15:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe [2013/01/06 21:31:56 | 000,093,816 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_06.01.2013_21.31.19_log.txt [2013/01/11 14:55:53 | 000,003,768 | ---- | M] () -- 
C:\TDSSKiller.2.8.15.0_11.01.2013_14.55.21_log.txt [2013/01/11 15:40:03 | 000,356,756 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_11.01.2013_15.00.58_log.txt [2013/01/19 11:27:39 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT [2013/01/19 11:27:39 | 000,025,560 | ---- | M] () -- C:\UNSCANNED.TXT [2013/01/19 11:27:34 | 000,002,124 | ---- | M] () -- C:\UNSIGNED.TXT < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\volsnap.sys:SummaryInformation < End of report >