
Vapour Trails

  1. Ran OTL after ComboFix

OTL Extras logfile created on: 3/30/2012 3:03:18 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Chris\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.37 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 75.54% Memory free
5.21 Gb Paging File | 4.62 Gb Available in Paging File | 88.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 20.95 Gb Free Space | 53.64% Space Free | Partition Type: NTFS
Drive D: | 78.13 Gb Total Space | 32.90 Gb Free Space | 42.11% Space Free | Partition Type: NTFS
Drive F: | 69.11 Gb Total Space | 40.58 Gb Free Space | 58.71% Space Free | Partition Type: NTFS
Drive G: | 1007.95 Mb Total Space | 969.16 Mb Free Space | 96.15% Space Free | Partition Type: FAT

Computer Name: UPGRAYEDD | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Documents and Settings\Chris\My Documents\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Documents and Settings\Chris\My Documents\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{19CF1A77-C522-4082-8A2B-A9952EE9E372}" = R16_R24 Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Internet Security
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFM_E" = ZOOM Audio File Manager Ver 2.0.4.0 (English)
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"IE8" = Sereby's Updatepack - IE8 Addon Version 1.0.7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MuseScore" = MuseScore 1.0 MuseScore score typesetter
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Poker Tracker Version 2.17.04m_is1" = Poker Tracker Version 2.17.04m
"REAPER" = REAPER
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2012 12:44:26 PM | Computer Name = UPGRAYEDD | Source = Microsoft Office 14 | ID = 1000
Description = Faulting application outlook.exe, version 14.0.6109.5005, stamp 4e79b881, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00000200.

Error - 3/9/2012 3:14:25 PM | Computer Name = UPGRAYEDD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 10.0.2.4428, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2012 12:17:12 PM | Computer Name = UPGRAYEDD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error - 3/15/2012 12:17:12 PM | Computer Name = UPGRAYEDD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error - 3/15/2012 12:17:22 PM | Computer Name = UPGRAYEDD | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This operation returned because the timeout period expired.

Error - 3/15/2012 12:17:22 PM | Computer Name = UPGRAYEDD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error - 3/15/2012 12:17:27 PM | Computer Name = UPGRAYEDD | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: This operation returned because the timeout period expired.

Error - 3/20/2012 11:22:26 PM | Computer Name = UPGRAYEDD | Source = Microsoft Office 14 | ID = 5000
Description = EventType office12asserttimer, P1 2lz8, P2 14.0.6029.0, P3 5, P4 2312, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 3/24/2012 12:31:15 PM | Computer Name = UPGRAYEDD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/29/2012 12:15:39 PM | Computer Name = UPGRAYEDD | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 11.0.0.4454, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ SitNGoWizard Events ]
Error - 12/7/2010 11:26:43 PM | Computer Name = UPGRAYEDD | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window handle has been created.

[ System Events ]
Error - 3/29/2012 3:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At39.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 3:25:29 PM | Computer Name = UPGRAYEDD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Error - 3/29/2012 4:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At40.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 4:32:12 PM | Computer Name = UPGRAYEDD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

Error - 3/29/2012 5:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 6:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At42.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 7:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At43.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 8:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At44.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 9:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At45.job command failed to start due to the following error: %%2147942402

Error - 3/29/2012 10:00:00 PM | Computer Name = UPGRAYEDD | Source = Schedule | ID = 7901
Description = The At46.job command failed to start due to the following error: %%2147942402

< End of report >
  2. Ran ComboFix this afternoon; report below

ComboFix 12-03-30.06 - Chris 03/30/2012 12:57:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2626 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\84WV644W.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\Chris\Application Data\3C7FC64A.exe
c:\documents and settings\Chris\Application Data\html.html
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 01:52 . 2012-03-30 01:52 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-29 23:30 . 2010-12-24 03:22 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2012-03-29 20:01 . 2012-03-29 20:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-21 03:22 . 2012-03-21 03:22 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\PCHealth
2012-03-18 00:39 . 2012-03-18 00:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 00:39 . 2012-03-18 00:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:26 . 2010-08-21 02:52 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-21 22:04 . 2012-01-21 22:05 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-21 22:04 . 2012-01-21 22:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 19:06 . 2012-02-15 04:54 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-10-30 19:08 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 00:39 . 2011-11-12 21:40 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-08-21 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 13578240]
"nwiz"="nwiz.exe" [2008-10-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-16 86016]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-10-07 33538048]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PMBVolumeWatcher"="f:\video\Handycam\PMBVolumeWatcher.exe" [2010-03-24 599328]
"NBKeyScan"="f:\nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2011-04-14 421160]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="f:\malwarebytes' anti-malware\mbamgui.exe" [2012-01-13 460872]
"Adobe Reader Speed Launcher"="d:\adobe\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-03-08 128512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VIA\\VIAudioi\\HDADeck\\HDeck.exe"=
.
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [6/21/2011 3:26 PM 652360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;f:\video\Handycam\PMBDeviceInfoProvider.exe [10/24/2009 4:18 AM 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/23/2010 10:30 PM 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2011 1:40 PM 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [10/30/2010 3:41 PM 39456]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/29/2012 6:30 PM 341072]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [10/30/2010 3:43 PM 876288]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12/23/2010 10:27 PM 188272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;c:\windows\system32\drivers\zmr16usbaudio.sys [12/11/2011 1:48 PM 79360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.globeandmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\61igybtb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.globeandmail.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LADSPA_plugins-win_is1 - f:\audacity\Plug-Ins\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 13:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,cd,c5,3f,42,73,72,42,9f,8d,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,cd,c5,3f,42,73,72,42,9f,8d,ff,\
.
Completion time: 2012-03-30 13:01:37
ComboFix-quarantined-files.txt 2012-03-30 18:01
.
Pre-Run: 17,002,872,832 bytes free
Post-Run: 18,930,900,992 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - DEBCC234A93122B927AA4D39111F86B4
  3. Last MBAM scan

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris :: UPGRAYEDD [administrator]

3/29/2012 9:35:05 PM
mbam-log-2012-03-29 (21-35-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225053
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  4. I deleted the registry entries using RogueKiller; post-delete scan below

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Scan -- Date: 03/29/2012 21:30:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80624120 -> HOOKED (Unknown @ 0x873C5780)
SSDT[43] : NtCreateMutant @ 0x806176CE -> HOOKED (Unknown @ 0x8739D500)
SSDT[47] : NtCreateProcess @ 0x805D1260 -> HOOKED (Unknown @ 0x873C4580)
SSDT[48] : NtCreateProcessEx @ 0x805D11AA -> HOOKED (Unknown @ 0x873C4880)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A26 -> HOOKED (Unknown @ 0x8739D8C0)
SSDT[53] : NtCreateThread @ 0x805D1048 -> HOOKED (Unknown @ 0x8739D020)
SSDT[63] : NtDeleteKey @ 0x806245BC -> HOOKED (Unknown @ 0x873C5D80)
SSDT[65] : NtDeleteValueKey @ 0x8062478C -> HOOKED (Unknown @ 0x873C6680)
SSDT[68] : NtDuplicateObject @ 0x805BE034 -> HOOKED (Unknown @ 0x8739DAA0)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (Unknown @ 0x8739D200)
SSDT[122] : NtOpenProcess @ 0x805CB470 -> HOOKED (Unknown @ 0x873C4B80)
SSDT[125] : NtOpenSection @ 0x805AA418 -> HOOKED (Unknown @ 0x873C6C60)
SSDT[128] : NtOpenThread @ 0x805CB6FC -> HOOKED (Unknown @ 0x873C4E80)
SSDT[192] : NtRenameKey @ 0x80623B42 -> HOOKED (Unknown @ 0x873C6080)
SSDT[204] : NtRestoreKey @ 0x80625B00 -> HOOKED (Unknown @ 0x873C6380)
SSDT[240] : NtSetSystemInformation @ 0x8060FD36 -> HOOKED (Unknown @ 0x8739D6E0)
SSDT[247] : NtSetValueKey @ 0x80622692 -> HOOKED (Unknown @ 0x873C5A80)
SSDT[257] : NtTerminateProcess @ 0x805D2A12 -> HOOKED (Unknown @ 0x873C5180)
SSDT[258] : NtTerminateThread @ 0x805D2C0C -> HOOKED (Unknown @ 0x873C5480)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43F8 -> HOOKED (Unknown @ 0x873C6E40)
S_SSDT[548] : Unknown -> HOOKED (Unknown @ 0x8739EF60)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8739ED40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2000JB-00GVA0 +++++
--- User ---
[MBR] 7216381d0f822aa15cfbfd7380c5c891
[BSP] f70a8d0dca29fb99ba496469689ffb02 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 150774 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: CBM Flash Disk USB Device +++++
--- User ---
[MBR] 73cbcbbb72fdc4b9a4d4aa5474c633d4
[BSP] ff5ab1cd8a5af1bf6d71114e543a25df : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1008 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  5. Rogue Killer report below
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Scan -- Date: 03/29/2012 21:16:48
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 56 ¤¤¤
[sUSP PATH] At17.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At16.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At15.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At14.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At13.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At12.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At11.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At10.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At1.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At26.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At25.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At24.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At23.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At22.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At21.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At20.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At2.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At19.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At18.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At35.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At34.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At33.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At32.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At31.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At30.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At3.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At29.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At28.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At27.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At44.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At43.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At42.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At41.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At40.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At4.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At39.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At38.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At37.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At36.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At9.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At8.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At7.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At6.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At5.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe -> FOUND
[sUSP PATH] At48.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At47.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At46.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[sUSP PATH] At45.job @ : C:\Documents and Settings\All Users\Application Data\84WV644W.exe_ -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80624120 -> HOOKED (Unknown @ 0x873A4780)
SSDT[43] : NtCreateMutant @ 0x806176CE -> HOOKED (Unknown @ 0x87376500)
SSDT[47] : NtCreateProcess @ 0x805D1260 -> HOOKED (Unknown @ 0x873A3580)
SSDT[48] : NtCreateProcessEx @ 0x805D11AA -> HOOKED (Unknown @ 0x873A3880)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A26 -> HOOKED (Unknown @ 0x873768C0)
SSDT[53] : NtCreateThread @ 0x805D1048 -> HOOKED (Unknown @ 0x87376020)
SSDT[63] : NtDeleteKey @ 0x806245BC -> HOOKED (Unknown @ 0x873A4D80)
SSDT[65] : NtDeleteValueKey @ 0x8062478C -> HOOKED (Unknown @ 0x873A5680)
SSDT[68] : NtDuplicateObject @ 0x805BE034 -> HOOKED (Unknown @ 0x87376AA0)
SSDT[97] : NtLoadDriver @ 0x80584160 -> HOOKED (Unknown @ 0x87376200)
SSDT[122] : NtOpenProcess @ 0x805CB470 -> HOOKED (Unknown @ 0x873A3B80)
SSDT[125] : NtOpenSection @ 0x805AA418 -> HOOKED (Unknown @ 0x873A5C60)
SSDT[128] : NtOpenThread @ 0x805CB6FC -> HOOKED (Unknown @ 0x873A3E80)
SSDT[192] : NtRenameKey @ 0x80623B42 -> HOOKED (Unknown @ 0x873A5080)
SSDT[204] : NtRestoreKey @ 0x80625B00 -> HOOKED (Unknown @ 0x873A5380)
SSDT[240] : NtSetSystemInformation @ 0x8060FD36 -> HOOKED (Unknown @ 0x873766E0)
SSDT[247] : NtSetValueKey @ 0x80622692 -> HOOKED (Unknown @ 0x873A4A80)
SSDT[257] : NtTerminateProcess @ 0x805D2A12 -> HOOKED (Unknown @ 0x873A4180)
SSDT[258] : NtTerminateThread @ 0x805D2C0C -> HOOKED (Unknown @ 0x873A4480)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43F8 -> HOOKED (Unknown @ 0x873A5E40)
S_SSDT[548] : Unknown -> HOOKED (Unknown @ 0x87377CA0)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x87377A80)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
94.63.147.16 www.google.com
94.63.147.17 www.bing.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2000JB-00GVA0 +++++
--- User ---
[MBR] 7216381d0f822aa15cfbfd7380c5c891
[bSP] f70a8d0dca29fb99ba496469689ffb02 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 81915435 | Size: 150774 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: CBM Flash Disk USB Device +++++
--- User ---
[MBR] 73cbcbbb72fdc4b9a4d4aa5474c633d4
[bSP] ff5ab1cd8a5af1bf6d71114e543a25df : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1008 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
  6. Still getting Internet Explorer randomly opening with popups (and I use Firefox). Infection is not cleared and I am currently running a 3rd full scan.
  7. DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Chris at 16:06:49 on 2012-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2263 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
svchost.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
F:\Video\Handycam\PMBVolumeWatcher.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
F:\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\Video\Handycam\PMBDeviceInfoProvider.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\All Users\Application Data\84WV644W.exe
C:\Documents and Settings\All Users\Application Data\84WV644W.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\All Users\Application Data\84WV644W.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.globeandmail.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Adobe Reader Speed Launcher] "d:\adobe\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [PMBVolumeWatcher] f:\video\handycam\PMBVolumeWatcher.exe
mRun: [NBKeyScan] "f:\nero\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\9.0"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "f:\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [iE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.photolab.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\61igybtb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.globeandmail.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: d:\adobe\reader\browser\nppdf32.dll
FF - plugin: d:\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;f:\malwarebytes' anti-malware\mbamservice.exe [2011-6-21 652360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;f:\video\handycam\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-12-23 64080]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-7 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-10-30 39456]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-10-30 876288]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2010-12-23 188272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZOOM_R16MTR;ZOOM R16_R24 Audio Interface;c:\windows\system32\drivers\zmr16usbaudio.sys [2011-12-11 79360]
.
=============== Created Last 30 ================
.
2012-03-29 16:10:28 99328 ----a-w- c:\documents and settings\all users\application data\84WV644W.exe
2012-03-29 16:10:26 99328 ----a-w- c:\documents and settings\chris\application data\3C7FC64A.exe
2012-03-21 03:22:26 -------- d-----w- c:\documents and settings\chris\local settings\application data\PCHealth
2012-03-18 00:39:51 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 00:39:51 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
2012-01-21 22:04:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-21 22:04:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 16:07:08.32 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2010 2:16:21 PM
System Uptime: 3/29/2012 3:31:41 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3N78-VM
Processor: AMD Athlon 7750 Dual-Core Processor | AM2 | 2699/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 39 GiB total, 11.061 GiB free.
D: is FIXED (NTFS) - 78 GiB total, 32.817 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 69 GiB total, 25.126 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP527: 2/25/2012 3:30:03 AM - System Checkpoint
RP528: 2/26/2012 3:32:06 AM - System Checkpoint
RP529: 2/27/2012 3:35:22 AM - System Checkpoint
RP530: 2/28/2012 3:37:29 AM - System Checkpoint
RP531: 2/29/2012 3:42:38 AM - System Checkpoint
RP532: 3/1/2012 3:44:51 AM - System Checkpoint
RP533: 3/2/2012 3:48:02 AM - System Checkpoint
RP534: 3/3/2012 3:50:04 AM - System Checkpoint
RP535: 3/4/2012 3:53:10 AM - System Checkpoint
RP536: 3/5/2012 3:56:15 AM - System Checkpoint
RP537: 3/6/2012 3:58:23 AM - System Checkpoint
RP538: 3/7/2012 8:59:51 AM - System Checkpoint
RP539: 3/8/2012 10:04:26 AM - System Checkpoint
RP540: 3/9/2012 11:05:51 AM - System Checkpoint
RP541: 3/10/2012 12:16:39 PM - System Checkpoint
RP542: 3/11/2012 2:13:06 PM - System Checkpoint
RP543: 3/12/2012 3:09:54 PM - System Checkpoint
RP544: 3/13/2012 4:03:12 PM - System Checkpoint
RP545: 3/14/2012 4:33:42 PM - System Checkpoint
RP546: 3/15/2012 3:00:15 AM - Software Distribution Service 3.0
RP547: 3/16/2012 3:18:18 AM - System Checkpoint
RP548: 3/17/2012 3:20:24 AM - System Checkpoint
RP549: 3/18/2012 3:21:25 AM - System Checkpoint
RP550: 3/19/2012 3:24:42 AM - System Checkpoint
RP551: 3/20/2012 3:26:49 AM - System Checkpoint
RP552: 3/21/2012 3:28:58 AM - System Checkpoint
RP553: 3/22/2012 3:31:05 AM - System Checkpoint
RP554: 3/23/2012 3:35:06 AM - System Checkpoint
RP555: 3/24/2012 3:37:07 AM - System Checkpoint
RP556: 3/25/2012 3:39:12 AM - System Checkpoint
RP557: 3/26/2012 3:41:20 AM - System Checkpoint
RP558: 3/27/2012 3:44:26 AM - System Checkpoint
RP559: 3/28/2012 4:04:16 AM - System Checkpoint
RP560: 3/29/2012 4:07:30 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.2.6
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon MP Navigator EX 1.2
Canon MP190 series MP Drivers
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CyberLink PowerDirector
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Shrink 3.2
GIMP 2.6.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
iTunes
Java Auto Updater
Java 6 Update 29
LADSPA_plugins-win-0.4.15
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 1.0
MuseScore score typesetter
Nero 8
neroxml
NVIDIA Drivers
NVIDIA PhysX v8.10.13
PC Probe II
Platform
PMB
Poker Tracker Version 2.17.04m
QuickTime
R16_R24 Driver
REAPER
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Sereby's Updatepack - IE8 Addon Version 1.0.7
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
VCRedistSetup
VIA Platform Device Manager
VLC media player 1.1.5
WebEx Support Manager for Internet Explorer
WebFldrs XP
XML Paper Specification Shared Components Pack 1.0
ZOOM Audio File Manager Ver 2.0.4.0 (English)
.
==== Event Viewer Messages From Past Week ========
.
3/29/2012 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
3/29/2012 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
3/29/2012 2:25:29 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/29/2012 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
3/29/2012 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
3/29/2012 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
3/27/2012 11:59:35 AM, error: Print [19] - Sharing printer failed + 1722, Printer WebEx Document Loader share name Printer.
.
==== End Of File ===========================
  8. In addition, I have a new folder off my "All Programs" menu. The folder is named "Spyware Protection". I did not install this program. I found an application file for this program and it is dated at the time of the attack. What should I do to remove this program/file?
  9. Log from 1st scan Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.29.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Chris :: UPGRAYEDD [administrator] 3/29/2012 12:42:48 PM mbam-log-2012-03-29 (12-42-48).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 295491 Time elapsed: 1 hour(s), 28 minute(s), 23 second(s) Memory Processes Detected: 2 C:\Documents and Settings\Chris\Application Data\hpkqqdof.exe (Trojan.LockScreen) -> 384 -> Delete on reboot. C:\Documents and Settings\Chris\Application Data\hpkqqdof.exe (Trojan.LockScreen) -> 1968 -> Delete on reboot. Memory Modules Detected: 1 C:\Documents and Settings\Chris\Application Data\dplayx.dll (Trojan.QHost.BG) -> Delete on reboot. Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Trojan.LockScreen) -> Data: C:\Documents and Settings\Chris\Application Data\hpkqqdof.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Health Status (Trojan.LockScreen) -> Data: C:\Documents and Settings\Chris\Application Data\hpkqqdof.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 6 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Documents and Settings\All Users\Application Data\piQMlgQnBkGLi.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Application Data\dplaysvr.exe (Trojan.Ransom) -> Delete on reboot. C:\Documents and Settings\Chris\Local Settings\Temp\cgs8h0.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. C:\Documents and Settings\Chris\Application Data\dplayx.dll (Trojan.QHost.BG) -> Delete on reboot. C:\Documents and Settings\Chris\Application Data\hpkqqdof.exe (Trojan.LockScreen) -> Delete on reboot. 
(end) Log from 2nd scan Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.29.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Chris :: UPGRAYEDD [administrator] Protection: Enabled 3/29/2012 2:44:28 PM mbam-log-2012-03-29 (14-44-28).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 291081 Time elapsed: 42 minute(s), 15 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\Chris\Application Data\dplaysvr.exe -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Documents and Settings\Chris\Application Data\dplaysvr.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) What further steps should I take to clean my computer?
  10. I ran unhide.exe which allowed me to update and run MBAM. It found 16 infections. After reboot it seems like I have regained control of my computer. How can I get the text file results for the scan I performed that found the infections? I cannot seem to find it.
  11. 2700 Athlon, 3.3 GB RAM, Windows XP SP3 I was on the internet this morning when Firefox suddenly closed and my Trend Micro popped up saying it had just stopped an executable file. I attempted to go back on the internet when I got a pop-up message saying my HDD was damaged and needed to be scanned/repaired. I cancelled the prompts and then my computer automatically rebooted. Now my desktop is blank, as well as all folders/programs. I am currently scanning the entire drive with Trend Micro (it's the only thing that works) and nothing has turned up yet. How can I get access to my programs to run MBAM?
  12. Thanks for the response, however I decided to reformat my HD and do a clean install of my O/S just hours before you posted. I thought the damage and potential risk of using the system in the future was too great. I will not be using P2P programs in the future, I have learned my lesson.
  13. 2700 Athlon, 2 GB RAM, Windows XP SP3 I've been having recurring "Win32 generic host process error" faults related to svchost.exe. After this fault the computer hangs and I have to reboot. The problem was occasional at first; now I have maybe 20 minutes before it happens. Applications sometimes need to be started several times before they work. I can't seem to update Windows and I can't connect to the updates webpage, so I think something is blocking it. I am using Trend Micro antivirus; it hasn't detected anything. I downloaded Malwarebytes and scanned and got this. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4957 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10/26/2010 8:49:54 PM mbam-log-2010-10-26 (20-49-54).txt Scan type: Quick scan Objects scanned: 178046 Time elapsed: 15 minute(s), 26 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Chris Kempan\Local Settings\Temp\Set6F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully. The computer worked very well for about 90 minutes after using Malwarebytes, then the same problems came back. Subsequent scans turn up nothing.
Ran DDS according to help thread DDS (Ver_10-10-21.02) - NTFSx86 Run by Chris Kempan at 17:21:06.96 on Wed 10/27/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1349 [GMT -5:00] AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Pure Networks\Network Magic\nmapp.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend 
Micro\BM\TMBMSRV.exe C:\Documents and Settings\Chris Kempan\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.globeandmail.com/ uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MSKAgent.exe uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe I tried running GMER three times and it hangs on loading. The window appears but the hourglass never goes away, I cannot initiate a scan. HELP! 
Attach.txt log UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-10-21.02) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/12/2009 4:28:25 AM System Uptime: 10/27/2010 5:11:44 PM (0 hours ago) Motherboard: ASUSTeK Computer INC. | | M3N78-VM Processor: AMD Athlon 7750 Dual-Core Processor | AM2 | 2699/200mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 186 GiB total, 104.167 GiB free. D: is CDROM (CDFS) ==== Disabled Device Manager Items ============= ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin AMD Processor Driver Apple Application Support Apple Mobile Device Support Apple Software Update AutoUpdate BitTorrent Bonjour Camera Support Core Library Camera Window DS Camera Window DVC Camera Window MC Canon Camera Support Core Library Canon Camera Window DS for ZoomBrowser EX Canon Camera Window DVC for ZoomBrowser EX Canon Camera Window for ZoomBrowser EX Canon MovieEdit Task for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities PhotoStitch 3.1 Canon ZoomBrowser EX Cisco Network Magic CMR_DAT_FORD Creative PC-CAM Center Lite Creative WebCam Monitor Creative WebCam NX Driver (1.02.01.0827) Creative WebCam NX User's Guide (English) Dell Photo Printer 720 DivX Codec Doom 3 DSDownloader 2.2.1.9 DVD Shrink 3.2 Enable S3 for USB Device Everio MediaBrowser FTPRush (remove only) GIMP 2.6.6 Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP 
(KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 3 Java 2 Runtime Environment, SE v1.4.2_09 Java 6 Update 16 jv16 PowerTools 1.3 Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Motherboard Monitor 5 MovieEdit Task MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Nero 6 Enterprise Edition Network Magic NVIDIA Drivers NVIDIA PhysX v8.10.13 PhotoStitch PL-2303 USB-to-Serial Platform Poker Tracker Version 2.08.02 PokerAce Hud (remove only) PokerStars PokerStove version 1.23 PostgreSQL 8.3 Pure Networks Platform QuickTime RAW Image Task 1.2 Realtek AC'97 Audio RemoteCapture Task 1.1 Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB923561) Security Update for 
Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969897) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972260) Security Update for Windows XP (KB972270) Security Update for Windows XP 
(KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) SpeedFan (remove only) Texas Holdem Hand Calculator Trend Micro Internet Security Trinity USB Drivers 1.1.1.1 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB973874) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VIA Platform Device Manager Visual C++ 2008 x86 
Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VLC media player 0.9.2 WebFldrs XP Windows Driver Package - DIABLO (usbser) Ports (01/30/2009 1.1.1.1) Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) Windows Internet Explorer 8 Windows XP Service Pack 3 WinRAR archiver XML Paper Specification Shared Components Pack 1.0 ==== Event Viewer Messages From Past Week ======== 10/26/2010 8:54:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid nv_agp 10/26/2010 8:52:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 10/25/2010 5:43:40 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created. 10/25/2010 12:03:50 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 10/25/2010 12:03:50 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running. 10/24/2010 9:26:58 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 10/24/2010 9:26:58 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver. 
10/24/2010 11:44:24 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 10/24/2010 11:43:24 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 10/24/2010 11:38:00 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820} 10/24/2010 1:50:35 PM, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting. 10/24/2010 1:01:41 PM, error: NetBT [4321] - The name "CHRIS :20" could not be registered on the Interface with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did not allow the name to be claimed by this machine. 10/24/2010 1:01:41 PM, error: NetBT [4321] - The name "CHRIS :0" could not be registered on the Interface with IP address 192.168.1.102. The machine with the IP address 192.168.1.100 did not allow the name to be claimed by this machine. 10/24/2010 1:01:29 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{CC1433FD-C41A-478C-87D8-A722338C6AEE} because another computer on the network has the same name. The server could not start. ==== End Of File ===========================