Antivirus 2010

Georgedn · October 18, 2010

My computer has been infected by Antivirus 2010. I am running Windows XP Pro SP3 and Norton Internet Security 2009. First ran NIS full scan and then ran MBAM (quick scan) in safe mode which found and removed 3 infected files. However, I have run 3 full MBAM scans in normal mode and MBAM keeps finding c:\WINDOWS\system32\us?rinit.exe (Rogue.Antivirus2010). MBAM indicates that the infected file is removed and quarantined but subsequent scans keep finding it. Also, in Windows Explorer a search for "us?rinit.exe" in the Windows folder finds 2 files named userinit.exe, one 26 KB and another 142 KB which has the Antivirus 2010 icon attached while another uninfected computer in my house only has the smaller sized file. Although the computer no longer exhibits the Antivirus 2010 behavior I am not convinced that the problem is corrected.

Hope you can help.

Maniac · October 18, 2010

Hello Georgedn! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

The process of cleaning your system may take some time, so please be patient.
Follow my instructions step by step if there is a problem somewhere, stop and tell me.
Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
If you don't know or can't understand something please ask.
Do not install or uninstall any software or hardware, while work on.
Keep me informed about any changes.

Do you have a license for NIS 2006? Now:

Download DDS and save it to your desktop from here or here or here.

Double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
[*]Save both reports to your desktop. Post them back to your topic.

Georgedn · October 19, 2010

Borislav, thanks for replying so promptly. You asked if I had a license for NIS 2006. I do not have NIS (Norton Internet Security) 2006 installed. I am running NIS 2009. I will try your fix in the morning and will post the resulting log files as soon as I can.

Georgedn · October 19, 2010

Both reports are posted below as you requested. The instructions for DDS said to disable any onboard script locking programs. I do not know if I have any such programs. I disabled Norton Internet Security firewall, anti-spyware and advanced protection. Please let me know if I must disable anything else.

Thanks

DDS (Ver_10-10-10.03) - NTFSx86

Run by George at 16:46:16.85 on Tue 10/19/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.218 [GMT -4:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe

C:\Program Files\My Lockbox\flockbox.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\AccessDirect\dadapp.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\BCMSMMSG.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Documents and Settings\George\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cm.my.yahoo.com/

uWindow Title = Microsoft Internet Explorer

mStart Page = hxxp://search.myheritage.com

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.DLL

BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.8.0.41\coIEPlg.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Aim6]

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe

mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NSWosCheck] c:\program files\norton systemworks basic edition\osCheck.exe

mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe

mRun: [flockbox] c:\program files\my lockbox\flockbox.exe /a

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [DadApp] c:\program files\dell\accessdirect\dadapp.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY

mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

StartupFolder: c:\docume~1\george\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\roadru~1.lnk - c:\windows\installer\{8c92f717-6af8-445c-a5ee-0570c864365e}\_4E67E20696D9AD37E90475.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {01111C00-3E00-11D2-8470-0060089874ED} - hxxp://help.rr.com/Foundrysdccommon/download/tgctlar.cab

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab

DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213019724046

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\george\applic~1\mozilla\firefox\profiles\ci7rnrit.default\

FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-7 64288]

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-3-2 17264]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-2-3 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-2-3 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-2-3 482432]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20101015.005\IDSXpx86.sys [2010-10-13 341880]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-4 102448]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101018.054\NAVENG.SYS [2010-10-19 86064]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20101018.054\NAVEX15.SYS [2010-10-19 1371184]

S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]

S3 EraserUtilDrvI7;EraserUtilDrvI7;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi7.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI7.sys [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-3 15008]

=============== Created Last 30 ================

2010-10-16 21:30:19 0 ----a-w- c:\windows\system32\drivers\vbma1032.sys

2010-10-15 22:18:06 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-15 22:18:05 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-15 22:17:37 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-15 14:30:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG

2010-10-15 14:14:59 317440 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp101.dll

2010-10-15 14:14:59 123904 ----a-w- c:\windows\system32\hpf3l101.dll

2010-10-15 14:11:49 -------- d-----w- c:\windows\Cache

2010-10-15 14:11:46 -------- d-----w- c:\program files\Coupons

2010-10-15 14:11:15 -------- d-----w- c:\program files\HP Photo Creations

2010-10-15 14:11:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\HP Photo Creations

2010-10-15 14:10:40 -------- d-----w- c:\docume~1\george\applic~1\HpUpdate

2010-10-15 13:53:43 966656 ----a-w- c:\windows\system32\hpost_p03b.dll

2010-10-15 13:53:43 372736 ----a-w- c:\windows\system32\hppldcoi.dll

2010-10-15 13:53:43 315392 ----a-w- c:\windows\system32\hposc_p03a.dll

2010-10-15 13:53:42 885760 ----a-w- c:\windows\system32\hposwia_p03b.dll

2010-10-15 13:53:42 309760 ----a-w- c:\windows\system32\difxapi.dll

2010-10-11 16:25:26 -------- d-----w- c:\program files\common files\Sonic Shared

2010-10-11 16:23:03 -------- d-----w- c:\program files\common files\HP

2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll

2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx

2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll

2010-09-08 16:49:49 369664 ------w- c:\windows\system32\html.iec

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:53:10.39 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/25/2007 12:56:11 PM

System Uptime: 10/19/2010 2:15:46 PM (2 hours ago)

Motherboard: Dell Computer Corporation | |

Processor: Mobile Intel® Pentium® 4 CPU 3.06GHz | Microprocessor | 3056/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 8.159 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Photosmart Premium C309g-m

Device ID: ROOT\IMAGE\0001

Manufacturer: HP

Name: Premium C309g-m,192.168.1.3

PNP Device ID: ROOT\IMAGE\0001

Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart C5100 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Photosmart C5100 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

==== System Restore Points ===================

==== Installed Programs ======================

32 Bit HP CIO Components Installer

AccessDirect

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.0

AiO_Scan_CDA

AiOSoftwareNPI

AM-DeadLink 3.1

Anark Client 4

AnswerWorks 5.0 English Runtime

Antivirus 2010

AOL Instant Messenger

AppCore

ArcSoft PhotoImpression 6

Audacity 1.2.6

BCM V.92 56K Modem

Belarc Advisor 7.2

Broadcom 440x 10/100 Integrated Controller

BufferChm

BurnAware Free Edition 1.2.8

C309g-m

C5100

c5100_Help

ccCommon

CCleaner

Compatibility Pack for the 2007 Office system

Component Framework

Connection Keep Alive

Coupon Printer for Windows

CP_CalendarTemplates1

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Panorama1Config

cp_PosterPrintConfig

Critical Update for Windows Media Player 11 (KB959772)

CueTour

CustomerResearchQFolder

Dell Digital Jukebox Driver

Dell Driver Download Manager

Dell ResourceCD

Dell Support Center (Support Software)

Dell Wireless WLAN Card

DeLorme Street Atlas USA 2006

DeLorme Street Atlas USA 2006 Data

Destinations

Device Doctor 1.0.0.1

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

Documents To Go

DocumentViewer

DocumentViewerQFolder

doPDF 5.2 printer

eSupportQFolder

Fax_CDA

FaxTools

FinePixViewer Ver.4.2

FUJIFILM USB Driver

FullDPAppQFolder

Google Advertising Cookie Opt-out

Google Earth

Google Update Helper

GoToAssist 8.0.0.514

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 14.0

HP Document Viewer 7.0

HP Imaging Device Functions 14.0

HP Photo Creations

HP Photosmart Premier Software 6.5

HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6

HP Photosmart, Officejet and Deskjet 7.0.A

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoSmartExpress

HPProductAssistant

HPSSupply

I.I.I. Home Inventory 3.06

ImageMixer VCD2 for FinePix

InstantShareDevices

InstantShareDevicesMFC

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 20

LiveUpdate 3.1 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Money Plus

Microsoft Money Shared Libraries

Microsoft Office PowerPoint Viewer 2003

Microsoft Picture It! Photo Premium 9

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Word 2002

Microsoft Works

Microsoft Works 2004 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

MicroStaff WINASPI

Modem Helper

Mozilla Firefox (3.6.10)

MSRedist

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

My Lockbox 1.2 for Windows 2000/XP

MyHeritage Family Tree Builder

Network

NewCopy_CDA

Norton Cleanup

Norton Internet Security

Norton Protection Center

Norton SystemWorks

Norton SystemWorks (Symantec Corporation)

Norton SystemWorks Basic Edition

Norton Utilities

NVIDIA Drivers

OCR Software by I.R.I.S 7.0

OGA Notifier 2.0.0048.0

Online Backup

OVT Scanner X86

Palm

PanoStandAlone

PhotoGallery

PowerDVD 5.1

ProductContextNPI

PS_AIO_06_C309g-m_SW_Min

QuickCAD Release 8

Quicken 2010

QuickSet

QuickTransfer

RandMap

RAW FILE CONVERTER LE

Readme

Road Runner Safe Storage

RoadRunner

Scan

ScannerCopy

Seagate Manager Installer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2183461)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360131)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Shockwave

Shop for HP Supplies

SigmaTel AC97 Audio Drivers

SkinsHP1

SlideShow

SmartWebPrinting

SolutionCenter

Sonic RecordNow!

Sonic_PrimoSDK

SPBBC 32bit

Speccy

SplashPhoto

SpywareBlaster 4.2

Status

Street Atlas USA 2006

Synaptics Pointing Device Driver

Toolbox

TrayApp

TWC User Controls

Undelete Plus 2.91

Uniblue ProcessScanner

Uninstall OVT Scanner

Unload

Unlocker 1.9.0

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Viewpoint Manager (Remove Only)

Viewpoint Media Player

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WebIQ Technology Engine

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows Presentation Foundation

Windows XP Service Pack 3

XML Paper Specification Shared Components Pack 1.0

Yahoo! Messenger

==== End Of File ===========================

Georgedn · October 19, 2010