rpochoda

  1. I'm trying to help a friend whose machine has a virus-corrupted file and won't boot except to the Startup Repair - which fails. Is there any tool I can use to get at the virus? She's running Win 7, her machine didn't come with an install disk, she never made a recovery disk, and there are no restore points. Thanks for any suggestions, or hints, or directions, or ....
  2. This has been resolved. I just found out about the repair function on my original installation disk. I knew about the Install and the Recovery Console options, but never dared to think that there might be more repair functionality if I chose the Install option. I assumed this would start the reinstall right away, rather than giving me another set of choices (after the "I agree" screen) that includes the powerful OS repair function. This was not documented in anything I had seen.
  3. I removed an XP Home Security virus with MBAM, then still had to reinstall an infected Windows\system32\drivers\netbt.sys file from my XP install disk, but I can't see the internet. (Signal is good, connections are good, no proxy server hijack.) Here's the DDS.txt log: Here's the attach.txt log:
  4. Thanks for the reply. My problem is not unhiding. (In the Explorer, I unhid the top directories and applied the change to all subdirectories, etc.) The question is whether I unhid too much. Are there any files that are best left hidden? As I said, I'm fairly tech savvy, and probably won't try to mess around with files that shouldn't be touched, but I thought I should consult with a pro. Thanks again, Ralph Pochoda
  5. I was infected with the Windows Recovery virus. I think I'm now virus free after following your removal instructions. (Thank you, thank you, thank you Malwarebytes people.) But I was left with the hidden files, not necessarily a problem since I had checked "show hidden files and folders" in the Explorer. But I disliked how it left the icons grayed out on the desktop. So I unchecked the hide file attribute switches, but not just on the shortcut files, but on all files on the hard drive. Now I'm concerned that some files should have been left hidden. Are there any files that need to be rehidden? I'm fairly tech savvy and doubt that I'd mess with any files that shouldn't be touched, but I thought I should check with a pro.
  6. Mieke, I wanted to use my machine for a few days before I considered it clean. So far so good. I
  7. Ran HJT and removed the 7 entries as directed, then downloaded and ran ComboFix. Here's the log:
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2006-09-30 43520] "NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2009-03-19 1720832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534] "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840] "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632] c:\documents and settings\REP.RP.000\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000] c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe 
[2007-10-14 214360] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-5 809488] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-11-07 20:41 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-08-22 18:35 11952 -c--a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/22/2009 2:35 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/22/2009 2:35 PM 108552] R2 avg8emc;AVG Free8 E-mail 
Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/22/2009 2:34 PM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/22/2009 2:34 PM 297752] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [4/8/2009 3:21 PM 10384] R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424] S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [10/11/2008 6:10 PM 74392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.download-app uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-22 23:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????0???0?5?8?9??`???? ???B?????????????hLC? ???0?? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(892) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . 
Completion time: 2009-08-23 23:11 ComboFix-quarantined-files.txt 2009-08-23 03:11 Pre-Run: 3,554,967,552 bytes free Post-Run: 5,295,865,856 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect 317 --- E O F --- 2009-07-28 20:08 rpochoda
  8. Greg, Right click on Start, choose Explore, go to the Program Files folder, go to the Malwarebytes folder, then in the right-hand window right click on the file name and choose rename. (If you don't see right and left side windows when you go to Explore, click on the Folders button at the top of the screen.) rpochoda
  9. miekiemoes, My computer shut down in the middle of the AVG scan. I thought that perhaps AVG had been corrupted by the Antivirus Pro, so I uninstalled AVG and downloaded a new version. But before running a new scan, I thought I'd run Anti-Malware again. It found 2 registry keys infected and one file. I removed all, rebooted and ran another Quick Scan. The registry problems are gone, but file is still infected: Files Infected: C:\WINDOWS\system32\kbiwkmkqwukira.dll (Rootkit.TDSS) -> Delete on reboot. Here's the HJT log: Thanks for your help, rpochoda
  10. Well, that seems to have done it. I have no idea why it ran this time. Can it possibly have made a difference that I ran the setup and the .exe from the desktop this time? I just updated my AVG anti-virus and am doing a full scan. (It wouldn't run at all before.) I'll let you know if anything still seems out of whack. Thanks again. rpochoda
  11. Just downloaded a new version and renamed the setup file before running, then renamed the .exe. It seems to be running. I'll let you know what it comes up with when finished. rpochoda
  12. Thanks for responding. I had already renamed mbam.exe file to newname.exe and it still failed to run. Got a message saying there were runtime errors '0' and '440'. rpochoda
  13. Even a pro can be really, really stupid sometimes. I was lazy and didn't check before downloading Windows Antivirus Pro. I already have your anti-malware file on my computer but can't get it to run, even after renaming. I get runtime errors '0' and '440'. Here's the HijackThis log: