Help! HJT log attached--can't install MBAM

Hi all,

Trying to remove something nasty from my friend's comp that manifested itself as "Personal Antivirus" and had all the usual systray popups and browser redirects. Downloaded HJT and MBAM to a stick and tried to install MBAM, but got the hourglass, then nothing. Read the forums and found other users had renamed the installer and had success... that worked, but the installer hung up on "finishing installation". After 30 minutes I did a Ctrl/Alt/Del and killed the program, but can't open MBAM.

I also downloaded and installed Avira Antivir Personal, but it found nothing.

Per instructions, here's my HJT logfile. Any help appreciated.

Regards,

Ben

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:11:57 AM, on 5/30/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\AT&T\Communication Manager\ATTCM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bmwebcfg.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\Program Files\AT&T\Communication Manager\bmctl.exe

C:\Documents and Settings\Ben Turner\Application Data\U3\0000060508029976\LaunchPad.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Internet Explorer\Iexplore.exe

C:\Program Files\Internet Explorer\Iexplore.exe

H:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O10 - Unknown file in Winsock LSP: bmnet.dll

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop

O18 - Filter hijack: text/html - {3f1b0329-3480-4573-b807-407b03b147c7} - C:\WINDOWS\system32\dsound3dd.dll

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe

O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 11035 bytes


Hello Ben Turner

Welcome to Malwarebytes. :P

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

I'll have to post these one at a time:

OTL Extras logfile created on: 5/30/2009 8:07:30 PM - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Ben Turner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.64% Memory free

2.60 Gb Paging File | 2.01 Gb Available in Paging File | 77.28% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 59.54 Gb Total Space | 29.68 Gb Free Space | 49.85% Space Free | Partition Type: NTFS

Drive D: | 13.95 Gb Total Space | 0.82 Gb Free Space | 5.89% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 93.16 Gb Total Space | 93.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BTLAPTOP

Current User Name: Ben Turner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing (Microsoft Corporation)

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found

C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (America Online, Inc.)

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found

C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found

C:\Program Files\Common Files\AOL\1193369300\EE\AOLServiceHost.exe:*:Enabled:AOL File not found

C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found

C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found

C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found

C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found

C:\Program Files\Hp\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client (Hewlett-Packard)

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)

C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)

C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody (RealNetworks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module

"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup

"{1313740E-0072-4E2D-A628-DEFCD38B577A}" = HP User Guides 0011

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2

"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations

"{26502D04-57B1-4A2D-8D5D-9DE36FC99355}" = Mobile Broadband Generic Drivers

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006

"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5

"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1

"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2

"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap

"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm

"{40CE69DD-8398-4C3F-B18E-ADA9B1BB556C}" = Brother HL-2070N

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1

"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant

"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig

"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1

"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8

"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer

"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1

"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK

"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI

"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig

"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =

"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation

"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module

"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9

"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio

"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module

"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder

"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3

"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar

"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update

"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes

"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig

"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime

"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D73F386A-A580-40AF-9FED-BEE0D66E2FE5}" = AT&T Communication Manager

"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1

"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo

"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5

"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"CNXT_HDAUDIO" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP

"eGames GameButler" = eGames GameButler

"Egg vs. Chicken" = Egg vs. Chicken

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 6.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.0

"HP Rhapsody" = HP Rhapsody

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"JumpStart World Presents Pet Playground" = JumpStart World Presents Pet Playground

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Money2006b" = Microsoft Money 2006

"Netscape Browser" = Netscape Browser (remove only)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Pencil-Pal Kindergarten" = Pencil-Pal Kindergarten

"PROSet" = Intel® PRO Network Connections Drivers

"RealPlayer 6.0" = RealPlayer Basic

"Shoot the Roach" = Shoot the Roach

"ST6UNST #1" = Autotel For Windows

"ST6UNST #2" = Stockwiz2 - Herbert L. Flake Company

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Extras" = Yahoo! Browser Services

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/3/2008 6:38:46 AM | Computer Name = BTLAPTOP | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 7.0.6000.16608, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2008 12:26:18 PM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

module ntdll.dll, version 5.1.2600.2180, fault address 0x0001218e.

Error - 4/9/2008 9:06:08 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

module hnetcfg.dll, version 5.1.2600.2180, fault address 0x00026576.

Error - 4/9/2008 9:06:15 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1001

Description = Fault bucket 715955234.

Error - 4/11/2008 6:49:56 AM | Computer Name = BTLAPTOP | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,

P10 NIL.

Error - 4/11/2008 2:23:56 PM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

module ntdll.dll, version 5.1.2600.2180, fault address 0x0001218e.

Error - 4/15/2008 8:02:29 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting

module yahoomessenger.exe, version 8.1.0.421, fault address 0x0022fec2.

Error - 4/15/2008 8:02:50 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1001

Description = Fault bucket 507368270.

Error - 4/21/2008 6:41:36 AM | Computer Name = BTLAPTOP | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16640, faulting

module unknown, version 0.0.0.0, fault address 0x60b47930.

Error - 4/30/2008 1:50:42 AM | Computer Name = BTLAPTOP | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4

1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,

P10 NIL.

[ System Events ]

Error - 5/30/2009 7:58:32 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

error message: The referenced assembly is not installed on your system. .

Error - 5/30/2009 7:58:32 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.

Reference

error message: The operation completed successfully. .

Error - 5/30/2009 7:59:01 PM | Computer Name = BTLAPTOP | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BTKRNL

Error - 5/30/2009 7:59:10 PM | Computer Name = BTLAPTOP | Source = DCOM | ID = 10010

Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register

with DCOM within the required timeout.

Error - 5/30/2009 7:59:18 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842784

Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last

Error was The referenced assembly is not installed on your system.

Error - 5/30/2009 7:59:18 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

error message: The referenced assembly is not installed on your system. .

Error - 5/30/2009 7:59:18 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.

Reference

error message: The operation completed successfully. .

Error - 5/30/2009 7:59:19 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842784

Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last

Error was The referenced assembly is not installed on your system.

Error - 5/30/2009 7:59:19 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference

error message: The referenced assembly is not installed on your system. .

Error - 5/30/2009 7:59:19 PM | Computer Name = BTLAPTOP | Source = SideBySide | ID = 16842811

Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.

Reference

error message: The operation completed successfully. .

< End of report >


OTL logfile created on: 5/30/2009 8:07:30 PM - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Ben Turner\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.64% Memory free

2.60 Gb Paging File | 2.01 Gb Available in Paging File | 77.28% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 59.54 Gb Total Space | 29.68 Gb Free Space | 49.85% Space Free | Partition Type: NTFS

Drive D: | 13.95 Gb Total Space | 0.82 Gb Free Space | 5.89% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

Drive F: | 93.16 Gb Total Space | 93.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: BTLAPTOP

Current User Name: Ben Turner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 30 Days

Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

PRC - C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN (OpenOffice.org)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)

PRC - C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)

PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

PRC - C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)

PRC - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()

PRC - C:\Program Files\AT&T\Communication Manager\bmctl.exe (Bytemobile, Inc.)

PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Ben Turner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)

SRV - (ATTRcAppSvc [On_Demand | Running]) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (PCTEL)

SRV - (bmwebcfg [Auto | Running]) -- C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)

SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)

SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)

SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)

SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)

SRV - (MSMQ [Auto | Running]) -- C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation)

SRV - (MSMQTriggers [Auto | Running]) -- C:\WINDOWS\system32\mqtgsvc.exe (Microsoft Corporation)

SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (NWCWorkstation [Auto | Running]) -- C:\WINDOWS\System32\nwwks.dll (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (UMWdf [On_Demand | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ACGPRS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\acgprs.sys (Sierra Wireless Inc.)

DRV - (AliIde [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (avgio [system | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (avipbb [system | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)

DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)

DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)

DRV - (eabfiltr [system | Running]) -- C:\WINDOWS\system32\DRIVERS\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\eabusb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (GT72NDISIPXP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Gt51Ip.sys (Option NV)

DRV - (GT72UBUS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gt72ubus.sys (Option N.V.)

DRV - (GTPTSER [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\gtptser.sys (Option N.V.)

DRV - (HBtnKey [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)

DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)

DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)

DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (iaStor [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (mf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mf.sys (Microsoft Corporation)

DRV - (MQAC [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)

DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (NWADI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)

DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)

DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)

DRV - (NWRDR [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nwrdr.sys (Microsoft Corporation)

DRV - (NWUSBCDFIL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NwUsbCdFil.sys (Novatel Wireless Inc.)

DRV - (NWUSBModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)

DRV - (NWUSBPort [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)

DRV - (NWUSBPort2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nwusbser2.sys (Novatel Wireless Inc.)

DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (PCTINDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\PCTINDIS5.SYS (PCTEL Inc.)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)

DRV - (RMCAST [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RMCast.sys (Microsoft Corporation)

DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (ssmdrv [system | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)

DRV - (swivsp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\swivspnt.sys (Sierra Wireless Inc.)

DRV - (swmsflt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()

DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (tcpipBM [system | Running]) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)

DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)

DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel

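OTL prints each process (PRC), service (SRV) and driver (DRV) with the company name from the file's version information in trailing parentheses; an empty pair means the file carries none. As an added example, not OTL's code and not something posted in this thread, the following Python parses those three line formats and lists the entries worth a second look: those with an empty company field (HpqToaster.exe and swmsflt.sys in the log above) and those carrying the generic "DDK provider" placeholder instead of a vendor name. The sample lines are copied from the log above; the review heuristic is an assumption, and a flagged entry is a lead rather than a verdict (HDAudBus.sys in this log carries the DDK string and is Microsoft's own HD Audio bus driver).

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample OTL lines copied from the log above (six lines chosen to cover the
# PRC/SRV/DRV formats, an empty company field, a leading space inside the
# company field and a company field that itself contains parentheses).
SAMPLE_OTL = r"""
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (PCASp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (swmsflt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
"""


class OtlEntry(NamedTuple):
    kind: str      # "PRC", "SRV" or "DRV"
    name: str      # service/driver name, or the executable's file name for PRC
    start: str     # start type such as Auto, On_Demand, boot, system ("" for PRC)
    state: str     # Running or Stopped ("" for PRC)
    path: str
    company: str   # text of the trailing "(...)" group, "" when that group is empty


SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^\[]+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- (?P<rest>.+)$"
)
PRC_RE = re.compile(r"^PRC - (?P<rest>.+)$")


def split_company(text: str) -> Tuple[str, str]:
    """Split 'path (Company)' at the last balanced parenthesis group.

    A plain rsplit on " (" would break on companies that contain parentheses
    themselves, e.g. "(Printing Communications Assoc., Inc. (PCAUSA))".
    """
    if not text.endswith(")"):
        return text, ""
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                return text[:i].rstrip(), text[i + 1:-1].strip()
    return text, ""


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse PRC/SRV/DRV lines; anything else (headers, blanks) is ignored."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SVC_RE.match(line)
        if m:
            path, company = split_company(m.group("rest"))
            entries.append(OtlEntry(m.group("kind"), m.group("name"),
                                    m.group("start"), m.group("state"), path, company))
            continue
        m = PRC_RE.match(line)
        if m:
            path, company = split_company(m.group("rest"))
            entries.append(OtlEntry("PRC", path.rsplit("\\", 1)[-1], "", "", path, company))
    return entries


def review_reason(entry: OtlEntry) -> Optional[str]:
    """Assumed triage heuristic (not an OTL rule): why the entry deserves a look."""
    if entry.company == "":
        return "no company name in version info"
    if "DDK provider" in entry.company:
        return "generic DDK placeholder instead of a vendor name"
    return None


def review(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every entry the heuristic flags, in log order."""
    flagged: List[Tuple[str, str]] = []
    for entry in entries:
        reason = review_reason(entry)
        if reason:
            flagged.append((entry.name, reason))
    return flagged


if __name__ == "__main__":
    for name, reason in review(parse_otl(SAMPLE_OTL)):
        print(f"{name}: {reason}")
```

Run it against a full OTL log by reading the file into `parse_otl`; the parser stops at nothing, so the truncated last line of the log above is simply skipped because it does not match either format.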

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2

Link 3


--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

ComboFix 09-05-30.03 - Ben Turner 05/31/2009 2:02.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1629 [GMT -4:00]

Running from: C:\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common\helper.dll

c:\program files\Common\helper.sig

c:\windows\system32\drivers\UACbirilrlxfuwnsrp.sys

c:\windows\system32\UACdpuassginjhjutt.dll

c:\windows\system32\UACeonbojcgwrtudqv.dll

c:\windows\system32\UACfwfbxjepdboskxw.log

c:\windows\system32\UACgeptmphgddewvwx.dll

c:\windows\system32\uacinit.dll

c:\windows\system32\UACksiedgqgckvpehr.dat

c:\windows\system32\UACpucxoakijpcupqb.log

c:\windows\system32\UACtutksgnusqntipa.dll

c:\windows\system32\UACuwmyxweexexmlal.dll

c:\windows\system32\UACyvholwtninqnlrn.log

D:\Autorun.inf

D:\Desktop.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))

.

2009-05-31 05:52 . 2009-05-31 05:52 3122418 ----a-r C:\Combo-Fix.exe

2009-05-31 00:05 . 2009-05-31 00:06 286208 ----a-w C:\6c9hd2g0.exe

2009-05-30 12:29 . 2009-05-30 12:29 0 ----a-w c:\documents and settings\Ben Turner\settings.dat

2009-05-30 12:09 . 2009-03-30 14:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys

2009-05-30 12:09 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys

2009-05-30 12:09 . 2009-02-13 16:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys

2009-05-30 12:09 . 2009-02-13 16:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys

2009-05-30 12:09 . 2009-05-30 12:09 -------- d-----w c:\program files\Avira

2009-05-30 12:09 . 2009-05-30 12:09 -------- d-----w c:\documents and settings\All Users\Application Data\Avira

2009-05-30 11:52 . 2009-05-26 17:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-05-30 11:52 . 2009-05-30 11:52 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2009-05-30 11:52 . 2009-05-26 17:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys

2009-05-30 11:52 . 2009-05-30 11:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-05-30 02:35 . 2009-05-30 02:35 -------- d-sh--w c:\documents and settings\Ben Turner\PrivacIE

2009-05-30 02:34 . 2009-05-30 02:34 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache

2009-05-30 02:34 . 2009-05-30 02:34 -------- d-sh--w c:\documents and settings\Ben Turner\IETldCache

2009-05-30 02:32 . 2009-05-30 02:32 -------- d-----w c:\windows\ie8updates

2009-05-30 02:32 . 2009-05-12 05:11 102912 ------w c:\windows\system32\dllcache\iecompat.dll

2009-05-30 02:31 . 2009-05-30 02:31 -------- dc-h--w c:\windows\ie8

2009-05-27 02:20 . 2009-05-27 02:20 -------- d-----w c:\program files\Microsoft

2009-05-27 02:19 . 2009-05-27 02:19 410984 ----a-w c:\windows\system32\deploytk.dll

2009-05-27 02:18 . 2009-05-27 02:18 152576 ----a-w c:\documents and settings\Ben Turner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-26 02:44 . 2009-05-26 02:44 -------- d-----w c:\program files\Common Files\Uninstall

2009-05-08 01:16 . 2009-05-08 01:16 127877 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\uninstall.exe

2009-05-08 01:15 . 2009-05-08 01:16 1685856 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe

2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe

2009-05-01 06:30 . 2009-05-08 01:16 4183416 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\plugins\npqmp071500000347.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-31 06:03 . 2009-04-10 15:40 -------- d-----w c:\program files\Common

2009-05-30 23:58 . 2008-02-14 17:23 -------- d-----w c:\documents and settings\Ben Turner\Application Data\OpenOffice.org2

2009-05-30 12:07 . 2007-05-04 14:31 -------- d-----w c:\documents and settings\Ben Turner\Application Data\U3

2009-05-27 02:18 . 2006-05-11 06:58 -------- d-----w c:\program files\Java

2009-05-26 02:52 . 2009-03-03 23:29 -------- d-----w c:\documents and settings\Ben Turner\Application Data\Move Networks

2009-05-04 02:45 . 2008-06-19 01:39 -------- d-----w c:\program files\Full Tilt Poker

2009-04-08 02:53 . 2006-05-11 09:25 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2009-04-02 00:15 . 2009-04-02 00:15 1047072 ----a-w c:\documents and settings\Ben Turner\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe

2009-03-21 15:34 . 2006-05-11 09:04 68496 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-08 08:34 . 2004-08-10 15:00 914944 ----a-w c:\windows\system32\wininet.dll

2009-03-08 08:34 . 2004-08-10 15:00 43008 ----a-w c:\windows\system32\licmgr10.dll

2009-03-08 08:33 . 2004-08-10 15:00 18944 ----a-w c:\windows\system32\corpol.dll

2009-03-08 08:33 . 2004-08-10 15:00 420352 ----a-w c:\windows\system32\vbscript.dll

2009-03-08 08:32 . 2004-08-10 15:00 72704 ----a-w c:\windows\system32\admparse.dll

2009-03-08 08:32 . 2004-08-10 15:00 71680 ----a-w c:\windows\system32\iesetup.dll

2009-03-08 08:31 . 2004-08-10 15:00 34816 ----a-w c:\windows\system32\imgutil.dll

2009-03-08 08:31 . 2004-08-10 15:00 48128 ----a-w c:\windows\system32\mshtmler.dll

2009-03-08 08:31 . 2004-08-10 15:00 45568 ----a-w c:\windows\system32\mshta.exe

2009-03-08 08:22 . 2004-08-10 15:00 156160 ----a-w c:\windows\system32\msls31.dll

2009-03-06 14:22 . 2004-08-10 15:00 284160 ----a-w c:\windows\system32\pdh.dll

2007-03-22 12:02 . 2007-03-22 12:02 22 --sha-w c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-10-26 26112]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"AT&T Communication Manager"="c:\program files\AT&T\Communication Manager\ATTCM.exe" [2008-05-22 33280]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-04-18 61952]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Ben Turner\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/30/2009 8:09 AM 108289]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2/15/2006 11:06 AM 20352]

S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [7/12/2006 5:59 PM 97920]

S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\AT&T\Communication Manager\RcAppSvc.exe [3/6/2008 4:10 PM 106496]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [7/9/2007 2:17 PM 105216]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [6/26/2007 1:38 PM 59264]

S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [3/30/2007 1:38 PM 8064]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/6/2007 3:30 PM 13824]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [10/12/2007 4:04 PM 99200]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-05-31 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

LSP: bmnet.dll

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-31 02:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????t??????(?@???????@

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(984)

c:\windows\system32\bmnet.dll

.

Completion time: 2009-05-31 2:10

ComboFix-quarantined-files.txt 2009-05-31 06:10

Pre-Run: 31,805,067,264 bytes free

Post-Run: 32,531,263,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

193 --- E O F --- 2009-05-30 11:47

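The ComboFix report above records what was removed: a set of randomly named files with a "UAC" prefix under system32 plus a matching service, an autorun.inf at the root of D:, and a Security Center value that suppresses the "no antivirus" notification. As an added example, not ComboFix's own code and not something posted in this thread, the following Python splits a ComboFix-style report into its "((( Name )))" sections and flags exactly those indicators. The regular expressions are assumptions derived from the names in this log, not vendor signatures; the sample input is copied from the report above, abridged.

```python
import re
from typing import Dict, List

# Sample input copied from the ComboFix report above: the "Other Deletions",
# "Drivers/Services" and "Reg Loading Points" sections, abridged. The "."
# lines are ComboFix's own separators and are skipped by the parser.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\windows\system32\drivers\UACbirilrlxfuwnsrp.sys
c:\windows\system32\UACdpuassginjhjutt.dll
c:\windows\system32\UACeonbojcgwrtudqv.dll
c:\windows\system32\UACfwfbxjepdboskxw.log
c:\windows\system32\UACgeptmphgddewvwx.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACksiedgqgckvpehr.dat
c:\windows\system32\UACpucxoakijpcupqb.log
c:\windows\system32\UACtutksgnusqntipa.dll
c:\windows\system32\UACuwmyxweexexmlal.dll
c:\windows\system32\UACyvholwtninqnlrn.log
D:\Autorun.inf
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"""

SECTION_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Assumed pattern for the dropper's file names, derived from this log: upper-case
# "UAC" followed by a long run of lower-case letters and one of the extensions
# seen above. Case-sensitive on purpose so that uacinit.dll is not matched by it.
RANDOM_UAC_FILE = re.compile(r"\\UAC[a-z]{12,20}\.(?:dll|sys|dat|log)$")
# autorun.inf sitting at the root of any drive letter (D:\Autorun.inf above).
ROOT_AUTORUN = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)
# ComboFix's "-------\Service_<name>" line for a service it removed.
SERVICE_REMOVED = re.compile(r"^-+\\Service_(\S+)$")
# Security Center values that silence the "no antivirus/firewall/updates" balloon.
SC_DISABLE_NOTIFY = re.compile(
    r'^"(?:AntiVirus|Firewall|Updates)DisableNotify"=dword:0*1$', re.IGNORECASE)


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '((( Name )))' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_HDR.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def triage(text: str) -> Dict[str, List[str]]:
    """Return the indicators found in each section, keyed by indicator type."""
    sec = split_sections(text)
    found: Dict[str, List[str]] = {
        "rootkit_files": [], "root_autorun": [], "rootkit_services": [], "security_center": []}
    for path in sec.get("Other Deletions", []):
        if RANDOM_UAC_FILE.search(path):
            found["rootkit_files"].append(path)
        elif ROOT_AUTORUN.match(path):
            found["root_autorun"].append(path)
    for line in sec.get("Drivers/Services", []):
        m = SERVICE_REMOVED.match(line)
        if m and m.group(1).upper().startswith("UAC"):
            found["rootkit_services"].append(m.group(1))
    for line in sec.get("Reg Loading Points", []):
        if SC_DISABLE_NOTIFY.match(line):
            found["security_center"].append(line)
    return found


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {len(items)}")
        for item in items:
            print("   ", item)
```

The section splitter is the reusable part: feed it a whole C:\ComboFix.txt and you get each block as a list of lines, so further checks (for example, Run-key entries whose target sits under a user profile) can be added alongside the four shown here without touching the parser.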

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


4 weeks later...

Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
