Ben Turner

Posts posted by Ben Turner

  1. Hi folks.

    My Win XP box at work has a rather benign case of rootkit.rustock according to MBAM. Comes up almost every time I scan and quarantining/removing doesn't help. Attached below are the most recent MBAM and HJT logs. Any advice and help greatly appreciated:

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 8021

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    10/26/2011 9:44:16 AM

    mbam-log-2011-10-26 (09-44-15).txt

    Scan type: Full scan (C:\|D:\|)

    Objects scanned: 446491

    Time elapsed: 1 hour(s), 30 minute(s), 55 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 19

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP704\A0119679.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP705\A0119721.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP705\A0120721.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP706\A0120772.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP707\A0120887.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP707\A0121886.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP708\A0121935.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP708\A0121957.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP709\A0121994.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP710\A0122041.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP711\A0122081.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP713\A0122560.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP713\A0123334.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP715\A0123384.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP715\A0124385.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP717\A0124444.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP718\A0124574.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP719\A0125575.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    c:\system volume information\_restore{39927f7c-feeb-4db9-9f0c-7c9c325b7051}\RP720\A0125622.sys (Rootkit.Rustock) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 5:34:16 PM, on 10/27/2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

    C:\Program Files\TeamViewer\Version6\TeamViewer.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Program Files\BookmarkSync\BookmarkSync.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

    C:\Documents and Settings\Ben Turner\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    C:\Program Files\Outlook Express\msimn.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

    O2 - BHO: LocationFinder Class - {BC0E8AD7-13AA-4694-8EDD-0246BC47A35F} - C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.4.2.20\loki.dll

    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

    O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ben Turner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Startup: BookmarkSync.lnk = C:\Program Files\BookmarkSync\BookmarkSync.exe

    O4 - Global Startup: APC UPS Status.lnk = ?

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

    O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

    --

    End of file - 11138 bytes

  2. ComboFix 09-05-30.03 - Ben Turner 05/31/2009 2:02.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1629 [GMT -4:00]

    Running from: C:\Combo-Fix.exe

    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\Common\helper.dll

    c:\program files\Common\helper.sig

    c:\windows\system32\drivers\UACbirilrlxfuwnsrp.sys

    c:\windows\system32\UACdpuassginjhjutt.dll

    c:\windows\system32\UACeonbojcgwrtudqv.dll

    c:\windows\system32\UACfwfbxjepdboskxw.log

    c:\windows\system32\UACgeptmphgddewvwx.dll

    c:\windows\system32\uacinit.dll

    c:\windows\system32\UACksiedgqgckvpehr.dat

    c:\windows\system32\UACpucxoakijpcupqb.log

    c:\windows\system32\UACtutksgnusqntipa.dll

    c:\windows\system32\UACuwmyxweexexmlal.dll

    c:\windows\system32\UACyvholwtninqnlrn.log

    D:\Autorun.inf

    D:\Desktop.ini

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Service_UACd.sys

    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))

    .

    2009-05-31 05:52 . 2009-05-31 05:52 3122418 ----a-r C:\Combo-Fix.exe

    2009-05-31 00:05 . 2009-05-31 00:06 286208 ----a-w C:\6c9hd2g0.exe

    2009-05-30 12:29 . 2009-05-30 12:29 0 ----a-w c:\documents and settings\Ben Turner\settings.dat

    2009-05-30 12:09 . 2009-03-30 14:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys

    2009-05-30 12:09 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

    2009-05-30 12:09 . 2009-02-13 16:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys

    2009-05-30 12:09 . 2009-02-13 16:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys

    2009-05-30 12:09 . 2009-05-30 12:09 -------- d-----w c:\program files\Avira

    2009-05-30 12:09 . 2009-05-30 12:09 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

    2009-05-30 11:52 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

    2009-05-30 11:52 . 2009-05-30 11:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-05-30 11:52 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

    2009-05-30 11:52 . 2009-05-30 11:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

    2009-05-30 02:35 . 2009-05-30 02:35 -------- d-sh--w c:\documents and settings\Ben Turner\PrivacIE

    2009-05-30 02:34 . 2009-05-30 02:34 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache

    2009-05-30 02:34 . 2009-05-30 02:34 -------- d-sh--w c:\documents and settings\Ben Turner\IETldCache

    2009-05-30 02:32 . 2009-05-30 02:32 -------- d-----w c:\windows\ie8updates

    2009-05-30 02:32 . 2009-05-12 05:11 102912 ------w c:\windows\system32\dllcache\iecompat.dll

    2009-05-30 02:31 . 2009-05-30 02:31 -------- dc-h--w c:\windows\ie8

    2009-05-27 02:20 . 2009-05-27 02:20 -------- d-----w c:\program files\Microsoft

    2009-05-27 02:19 . 2009-05-27 02:19 410984 ----a-w c:\windows\system32\deploytk.dll

    2009-05-27 02:18 . 2009-05-27 02:18 152576 ----a-w c:\documents and settings\Ben Turner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

    2009-05-26 02:44 . 2009-05-26 02:44 -------- d-----w c:\program files\Common Files\Uninstall

    2009-05-08 01:16 . 2009-05-08 01:16 127877 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\uninstall.exe

    2009-05-08 01:15 . 2009-05-08 01:16 1685856 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe

    2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

    2009-05-01 06:30 . 2009-05-08 01:16 4183416 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\plugins\npqmp071500000347.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-05-31 06:03 . 2009-04-10 15:40 -------- d-----w c:\program files\Common

    2009-05-30 23:58 . 2008-02-14 17:23 -------- d-----w c:\documents and settings\Ben Turner\Application Data\OpenOffice.org2

    2009-05-30 12:07 . 2007-05-04 14:31 -------- d-----w c:\documents and settings\Ben Turner\Application Data\U3

    2009-05-27 02:18 . 2006-05-11 06:58 -------- d-----w c:\program files\Java

    2009-05-26 02:52 . 2009-03-03 23:29 -------- d-----w c:\documents and settings\Ben Turner\Application Data\Move Networks

    2009-05-04 02:45 . 2008-06-19 01:39 -------- d-----w c:\program files\Full Tilt Poker

    2009-04-08 02:53 . 2006-05-11 09:25 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

    2009-04-02 00:15 . 2009-04-02 00:15 1047072 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe

    2009-03-21 15:34 . 2006-05-11 09:04 68496 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    2009-03-08 08:34 . 2004-08-10 15:00 914944 ----a-w c:\windows\system32\wininet.dll

    2009-03-08 08:34 . 2004-08-10 15:00 43008 ----a-w c:\windows\system32\licmgr10.dll

    2009-03-08 08:33 . 2004-08-10 15:00 18944 ----a-w c:\windows\system32\corpol.dll

    2009-03-08 08:33 . 2004-08-10 15:00 420352 ----a-w c:\windows\system32\vbscript.dll

    2009-03-08 08:32 . 2004-08-10 15:00 72704 ----a-w c:\windows\system32\admparse.dll

    2009-03-08 08:32 . 2004-08-10 15:00 71680 ----a-w c:\windows\system32\iesetup.dll

    2009-03-08 08:31 . 2004-08-10 15:00 34816 ----a-w c:\windows\system32\imgutil.dll

    2009-03-08 08:31 . 2004-08-10 15:00 48128 ----a-w c:\windows\system32\mshtmler.dll

    2009-03-08 08:31 . 2004-08-10 15:00 45568 ----a-w c:\windows\system32\mshta.exe

    2009-03-08 08:22 . 2004-08-10 15:00 156160 ----a-w c:\windows\system32\msls31.dll

    2009-03-06 14:22 . 2004-08-10 15:00 284160 ----a-w c:\windows\system32\pdh.dll

    2007-03-22 12:02 . 2007-03-22 12:02 22 --sha-w c:\windows\SMINST\HPCD.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888]

    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]

    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]

    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-10-26 26112]

    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]

    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-22 33280]

    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    "MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-18 61952]

    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    c:\documents and settings\Ben Turner\Start Menu\Programs\Startup\

    OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

    HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\WINDOWS\\system32\\mqsvc.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

    "c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/30/2009 8:09 AM 108289]

    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

    R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2/15/2006 11:06 AM 20352]

    S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [7/12/2006 5:59 PM 97920]

    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/6/2008 4:10 PM 106496]

    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [7/9/2007 2:17 PM 105216]

    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [6/26/2007 1:38 PM 59264]

    S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [3/30/2007 1:38 PM 8064]

    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/6/2007 3:30 PM 13824]

    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    .

    Contents of the 'Scheduled Tasks' folder

    2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

    .

    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

    uInternet Connection Wizard,ShellNext = iexplore

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    LSP: bmnet.dll

    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-05-31 02:09

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????t??????(?@???????@

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(984)

    c:\windows\system32\bmnet.dll

    .

    Completion time: 2009-05-31 2:10

    ComboFix-quarantined-files.txt 2009-05-31 06:10

    Pre-Run: 31,805,067,264 bytes free

    Post-Run: 32,531,263,488 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    193 --- E O F --- 2009-05-30 11:47

  3. OTL logfile created on: 5/30/2009 8:07:30 PM - Run 1

    OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Ben Turner\Desktop

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.64% Memory free

    2.60 Gb Paging File | 2.01 Gb Available in Paging File | 77.28% Paging File free

    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 59.54 Gb Total Space | 29.68 Gb Free Space | 49.85% Space Free | Partition Type: NTFS

    Drive D: | 13.95 Gb Total Space | 0.82 Gb Free Space | 5.89% Space Free | Partition Type: FAT32

    E: Drive not present or media not loaded

    Drive F: | 93.16 Gb Total Space | 93.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: BTLAPTOP

    Current User Name: Ben Turner

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Output = Minimal

    File Age = 30 Days

    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

    PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

    PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

    PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

    PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

    PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

    PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

    PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

    PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

    PRC - C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)

    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

    PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)

    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

    PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN (OpenOffice.org)

    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)

    PRC - C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)

    PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

    PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

    PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

    PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

    PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

    PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)

    PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

    PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)

    PRC - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)

    PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

    PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

    PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

    PRC - C:\Program Files\AT&T\Communication Manager\bmctl.exe (Bytemobile, Inc.)

    PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)

    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    PRC - C:\Documents and Settings\Ben Turner\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

    SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)

    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

    SRV - (ATTRcAppSvc [On_Demand | Running]) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)

    SRV - (bmwebcfg [Auto | Running]) -- C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)

    SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

    SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

    SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

    SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

    SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

    SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

    SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

    SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

    SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)

    SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)

    SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

    SRV - (NWCWorkstation [Auto | Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)

    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

    SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

    SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

    SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (ACGPRS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\acgprs.sys (Sierra Wireless Inc.)

    DRV - (AliIde [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

    DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

    DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

    DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

    DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

    DRV - (avgio [system | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

    DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)

    DRV - (avipbb [system | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)

    DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)

    DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

    DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

    DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)

    DRV - (eabfiltr [system | Running]) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

    DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys (Hewlett-Packard Development Company, L.P.)

    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

    DRV - (GT72NDISIPXP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys (Option NV)

    DRV - (GT72UBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gt72ubus.sys (Option N.V.)

    DRV - (GTPTSER [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gtptser.sys (Option N.V.)

    DRV - (HBtnKey [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)

    DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

    DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

    DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)

    DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)

    DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)

    DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)

    DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

    DRV - (iaStor [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

    DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)

    DRV - (mf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mf.sys (Microsoft Corporation)

    DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)

    DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

    DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

    DRV - (NWADI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)

    DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)

    DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)

    DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)

    DRV - (NWRDR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nwrdr.sys (Microsoft Corporation)

    DRV - (NWUSBCDFIL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys (Novatel Wireless Inc.)

    DRV - (NWUSBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)

    DRV - (NWUSBPort [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)

    DRV - (NWUSBPort2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwusbser2.sys (Novatel Wireless Inc.)

    DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

    DRV - (PCTINDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\PCTINDIS5.SYS (PCTEL Inc.)

    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

    DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

    DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

    DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

    DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

    DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)

    DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)

    DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)

    DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

    DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

    DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

    DRV - (ssmdrv [system | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)

    DRV - (swivsp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\swivspnt.sys (Sierra Wireless Inc.)

    DRV - (swmsflt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()

    DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

    DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

    DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

    DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

    DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)

    DRV - (tcpipBM [system | Running]) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)

    DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

    DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

    DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

    DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel

  4. I'll have to post these one at a time:

    OTL Extras logfile created on: 5/30/2009 8:07:30 PM - Run 1

    OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Ben Turner\Desktop

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.64% Memory free

    2.60 Gb Paging File | 2.01 Gb Available in Paging File | 77.28% Paging File free

    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 59.54 Gb Total Space | 29.68 Gb Free Space | 49.85% Space Free | Partition Type: NTFS

    Drive D: | 13.95 Gb Total Space | 0.82 Gb Free Space | 5.89% Space Free | Partition Type: FAT32

    E: Drive not present or media not loaded

    Drive F: | 93.16 Gb Total Space | 93.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: BTLAPTOP

    Current User Name: Ben Turner

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Output = Minimal

    File Age = 30 Days

    Company Name Whitelist: On

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "FirstRunDisabled" = 1

    "AntiVirusDisableNotify" = 1

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    "DisableNotifications" = 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

    C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)

    %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

    C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)

    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

    %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

    C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (America Online, Inc.)

    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found

    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found

    C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found

    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found

    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found

    C:\Program Files\Common Files\AOL\1193369300\EE\AOLServiceHost.exe:*:Enabled:AOL File not found

    C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found

    C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found

    C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found

    C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found

    C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client (Hewlett-Packard)

    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)

    C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)

    C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

    C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody (RealNetworks, Inc.)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

    "{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

    "{1313740E-0072-4E2D-A628-DEFCD38B577A}" = HP User Guides 0011

    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

    "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

    "{26502D04-57B1-4A2D-8D5D-9DE36FC99355}" = Mobile Broadband Generic Drivers

    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

    "{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5

    "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

    "{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3

    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2

    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

    "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

    "{40CE69DD-8398-4C3F-B18E-ADA9B1BB556C}" = Brother HL-2070N

    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1

    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1

    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

    "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

    "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

    "{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder

    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

    "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

    "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

    "{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer

    "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

    "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

    "{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI

    "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

    "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

    "{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =

    "{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation

    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

    "{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio

    "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

    "{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder

    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

    "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

    "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

    "{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes

    "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

    "{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

    "{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

    "{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1

    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

    "{D73F386A-A580-40AF-9FED-BEE0D66E2FE5}" = AT&T Communication Manager

    "{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1

    "{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support

    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

    "{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo

    "{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5

    "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

    "CNXT_HDAUDIO" = Conexant HD Audio

    "CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP

    "eGames GameButler" = eGames GameButler

    "Egg vs. Chicken" = Egg vs. Chicken

    "HijackThis" = HijackThis 2.0.2

    "HP Imaging Device Functions" = HP Imaging Device Functions 6.0

    "HP Photo & Imaging" = HP Photosmart Premier Software 6.0

    "HP Rhapsody" = HP Rhapsody

    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

    "ie7" = Windows Internet Explorer 7

    "ie8" = Windows Internet Explorer 8

    "InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.

    "JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Money2006b" = Microsoft Money 2006

    "Netscape Browser" = Netscape Browser (remove only)

    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

    "NVIDIA Drivers" = NVIDIA Drivers

    "Pencil-Pal Kindergarten" = Pencil-Pal Kindergarten

    "PROSet" = Intel® PRO Network Connections Drivers

    "RealPlayer 6.0" = RealPlayer Basic

    "Shoot the Roach" = Shoot the Roach

    "ST6UNST #1" = Autotel For Windows

    "ST6UNST #2" = Stockwiz2 - Herbert L. Flake Company

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    "ViewpointMediaPlayer" = Viewpoint Media Player

    "WildTangent hp Master Uninstall" = My HP Games

    "Windows Media Format Runtime" = Windows Media Format Runtime

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "Yahoo! Companion" = Yahoo! Toolbar

    "Yahoo! Extras" = Yahoo! Browser Services

    "Yahoo! Mail" = Yahoo! Internet Mail

    "Yahoo! Messenger" = Yahoo! Messenger

    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 4/3/2008 6:38:46 AM | Computer Name = BTLAPTOP | Source = Application Hang | ID = 1002

    Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module

    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 4/8/2008 12:26:18 PM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

    module ntdll.dll, version 5.1.2600.2180, fault address 0x0001218e.

    Error - 4/9/2008 9:06:08 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

    module hnetcfg.dll, version 5.1.2600.2180, fault address 0x00026576.

    Error - 4/9/2008 9:06:15 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1001

    Description = Fault bucket 715955234.

    Error - 4/11/2008 6:49:56 AM | Computer Name = BTLAPTOP | Source = MPSampleSubmission | ID = 5000

    Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

    1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,

    P10 NIL.

    Error - 4/11/2008 2:23:56 PM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

    module ntdll.dll, version 5.1.2600.2180, fault address 0x0001218e.

    Error - 4/15/2008 8:02:29 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

    module yahoomessenger.exe, version 8.1.0.421, fault address 0x0022fec2.

    Error - 4/15/2008 8:02:50 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1001

    Description = Fault bucket 507368270.

    Error - 4/21/2008 6:41:36 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

    Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting

    module unknown, version 0.0.0.0, fault address 0x60b47930.

    Error - 4/30/2008 1:50:42 AM | Computer Name = BTLAPTOP | Source = MPSampleSubmission | ID = 5000

    Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

    1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,

    P10 NIL.

    [ System Events ]

    Error - 5/30/2009 7:58:32 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

    error message: The referenced assembly is not installed on your system. .

    Error - 5/30/2009 7:58:32 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

    Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.

    Reference

    error message: The operation completed successfully. .

    Error - 5/30/2009 7:59:01 PM | Computer Name = BTLAPTOP | Source = Service Control Manager | ID = 7026

    Description = The following boot-start or system-start driver(s) failed to load:

    BTKRNL

    Error - 5/30/2009 7:59:10 PM | Computer Name = BTLAPTOP | Source = DCOM | ID = 10010

    Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register

    with DCOM within the required timeout.

    Error - 5/30/2009 7:59:18 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842784

    Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last

    Error was The referenced assembly is not installed on your system.

    Error - 5/30/2009 7:59:18 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

    error message: The referenced assembly is not installed on your system. .

    Error - 5/30/2009 7:59:18 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

    Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.

    Reference

    error message: The operation completed successfully. .

    Error - 5/30/2009 7:59:19 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842784

    Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last

    Error was The referenced assembly is not installed on your system.

    Error - 5/30/2009 7:59:19 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

    error message: The referenced assembly is not installed on your system. .

    Error - 5/30/2009 7:59:19 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

    Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.

    Reference

    error message: The operation completed successfully. .

    < End of report >

  5. Hi all,

    Trying to remove something nasty from my friend's comp that manifested itself as "Personal Antivirus" and had all the usual systray popups and browser redirects. Downloaded HJT and MBAM to a stick and tried to install MBAM, but got the hourglass, then nothing. Read the forums and found other users had renamed the installer and had success... that worked, but the installer hung up on "finishing installation". After 30 minutes I did a Ctrl/Alt/Del and killed the program, but can't open MBAM.

    I also downloaded and installed Avira Antivir Personal, but it found nothing.

    Per instructions, here's my HJT logfile. Any help appreciated.

    Regards,

    Ben

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 8:11:57 AM, on 5/30/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\HP\QuickPlay\QPService.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    C:\Program Files\Real\RealPlayer\RealPlay.exe

    C:\Program Files\Microsoft IntelliType Pro\itype.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\QuickTime\QTTask.exe

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    C:\Program Files\AT&T\Communication Manager\ATTCM.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\system32\bmwebcfg.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

    C:\Program Files\AT&T\Communication Manager\bmctl.exe

    C:\Documents and Settings\Ben Turner\Application Data\U3\0000060508029976\LaunchPad.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Internet Explorer\Iexplore.exe

    C:\Program Files\Internet Explorer\Iexplore.exe

    H:\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

    O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

    O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a

    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

    O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')

    O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

    O10 - Unknown file in Winsock LSP: bmnet.dll

    O10 - Unknown file in Winsock LSP: bmnet.dll

    O10 - Unknown file in Winsock LSP: bmnet.dll

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

    O18 - Filter hijack: text/html - {3f1b0329-3480-4573-b807-407b03b147c7} - C:\WINDOWS\system32\dsound3dd.dll

    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe

    O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --

    End of file - 11035 bytes
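    The log above is the kind of thing a forum helper reads by eye, line by line, looking for the few entries that matter (the O18 line HijackThis itself labels "Filter hijack", the O10 LSP entries it could not identify, and any autorun that launches from a user-writable directory). The script below is an added example, not part of this post and not HijackThis's own code: it parses HJT-style entries and applies those three heuristics. The sample input is a handful of lines copied verbatim from the log above; the heuristic rules, the severity labels and the function names are my assumptions, and the output is a list of leads to verify, not a verdict on the machine.

```python
"""Triage helper for HijackThis (HJT) log lines (added example, not HJT's code).

Parses the "Onn - ..." entries and applies a few heuristics to surface the
lines a helper would look at first. Findings are leads to verify, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: these lines are copied from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O18 - Filter hijack: text/html - {3f1b0329-3480-4573-b807-407b03b147c7} - C:\WINDOWS\system32\dsound3dd.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path up to the first binary extension (spaces allowed).
FULL_PATH_RE = re.compile(r"(?i)[a-z]:\\[^\"\r\n]*?\.(?:dll|exe|cpl|sys)")
# A bare file name with no directory, e.g. "bmnet.dll".
BARE_FILE_RE = re.compile(r"(?i)\b[\w.-]+\.(?:dll|exe|cpl|sys)\b")

# Heuristic parameters (assumptions, tune to taste).
PROFILE_DIRS = ("documents and settings", "application data", "local settings", "\\temp\\", "%temp%")
HOOK_ALL_MIME = {"text/html", "text/plain", "text/xml"}  # a filter here sees nearly every page IE renders
RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Entry:
    kind: str            # e.g. "O18"
    body: str            # everything after "O18 - "
    clsid: Optional[str]
    path: Optional[str]  # full path if present, else a bare file name, else None
    raw: str


@dataclass
class Finding:
    severity: str        # "high" | "medium" | "low"
    entry: Entry
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Split one HJT line into its type, CLSID and file path; None if not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    clsid = CLSID_RE.search(body)
    full = FULL_PATH_RE.search(body)
    path = full.group(0) if full else None
    if path is None:
        bare = BARE_FILE_RE.search(body)
        path = bare.group(0) if bare else None
    return Entry(kind, body, clsid.group(0) if clsid else None, path, line.strip())


def mime_of_o18(body: str) -> Optional[str]:
    """'Filter hijack: text/html - ...' or 'Filter: x-sdch - ...' -> the MIME type."""
    m = re.match(r"Filter(?: hijack)?:\s*([\w/.+-]+)", body)
    return m.group(1).lower() if m else None


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics to every entry, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.kind == "O18":
            mime = mime_of_o18(e.body)
            if "Filter hijack" in e.body or mime in HOOK_ALL_MIME:
                findings.append(Finding("high", e, f"MIME filter on {mime} sits in front of every page IE renders; handler {e.path}"))
        elif e.kind == "O10":
            if e.path and not FULL_PATH_RE.match(e.path):
                findings.append(Finding("medium", e, "LSP registered by bare file name; resolved through the DLL search path"))
            else:
                findings.append(Finding("low", e, "LSP entry HJT could not identify; confirm the vendor and signature"))
        elif e.kind == "O4" and e.path and any(d in e.path.lower() for d in PROFILE_DIRS):
            findings.append(Finding("medium", e, "autorun launched from a user-writable profile or temp directory"))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: RANK[f.severity]):
        print(f"[{f.severity:6}] {f.entry.kind}: {f.reason}\n         {f.entry.raw}")
```

Run it on a whole pasted log and the text/html filter lands at the top; the Google Toolbar x-sdch filter is not flagged because it neither carries the "hijack" label nor hooks a MIME type every page uses. The O10 rule deliberately ranks a bare DLL name (looked up via the search path) above a fully qualified one, since the former is the pattern a planted LSP relies on; the O4 rule fires on nothing in this log, which is itself useful information when the log is long.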
