Malwarebytes update error


Bobny

I think I have a virus that is causing redirects. While viewing a webpage I have had another window open (full screen) and it is for some entertainment site. I don't even have to click on any link on that page. When I checked the history these two links appeared:

http://do_check.s3.amazonaws.com/index3.ht...xVrLh18WEax0%3D

http://results.google-analytics.com/

If I click on the latter one, I can see that it keeps redirecting to an eventual entertainment site. I suspect the latter is the culprit.

I get no virus warnings. I've done a boot scan with Avast, run Adaware, Spy-Bot, Stinger, CWShredder, HijackThis and Hitman and every one comes up clean. Also ran the program from Kaspersky that cleaned my son's laptop. I've checked the system32 folder for any new files and there's been no changes since late Sept.

I've "installed" Malwarebytes but it won't update. I keep getting the error:

MBAM_ERROR_UPDATING(12007, 0, WinHttpSendRequest)

I assume that the software has noticed a virus that prevents it from updating.

Any help for this would be appreciated!


Hello,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    • Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

I have been unable to run Rootkit Unhooker. When I unpack the .rar file I get RkU3.8.388.590.exe and a new directory MustBeRandomlyNamed including 4 files (2 applications - 4t0t1JfsAlaCb and unins000, 1 DAT file - unins000, and one HTML file - RkUnhooker). When I attempt to run RKU (the name given to the program in my Start menu) it says it's starting and then it appears to quit. I have downloaded the .rar file 4 times so far and get the same result. I obviously can't save or supply the report you needed.

Below are the 2 OTL log files you requested:

OTL logfile created on: 11/16/2010 12:49:42 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = D:\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.53 Gb Total Space | 7.12 Gb Free Space | 36.43% Space Free | Partition Type: NTFS

Drive D: | 54.99 Gb Total Space | 51.80 Gb Free Space | 94.19% Space Free | Partition Type: NTFS

Computer Name: ROBERT | User Name: Bob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/16 09:29:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe

PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- D:\MozyHome\mozystat.exe

PRC - [2010/11/04 10:05:31 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/11/04 10:05:30 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/10/28 12:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/03/19 06:48:55 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/02/26 00:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2010/01/14 15:08:16 | 000,378,128 | ---- | M] (PC Tools) -- D:\ThreatFire\TFTray.exe

PRC - [2010/01/14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) -- d:\ThreatFire\TFService.exe

PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- D:\Acrobat 7.0\Distillr\acrotray.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/10 14:12:44 | 000,069,632 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2006/03/18 12:53:49 | 000,589,824 | ---- | M] (Fred's Software Company) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey1.exe

PRC - [2005/05/19 20:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2005/01/27 19:16:58 | 000,856,064 | ---- | M] (Nero AG) -- d:\Nero\InCD\InCDsrv.exe

PRC - [2005/01/27 12:17:31 | 001,381,376 | ---- | M] (Nero AG) -- D:\Nero\InCD\InCD.exe

PRC - [2004/01/21 09:45:48 | 000,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2004/01/21 09:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2001/08/23 18:37:40 | 000,167,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\point32.exe

========== Modules (SafeList) ==========

MOD - [2010/11/16 09:29:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/01/14 15:08:22 | 000,460,048 | ---- | M] (PC Tools) -- d:\ThreatFire\TFWAH.dll

MOD - [2001/05/09 19:00:28 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Mouse\Msh_zwf.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/11/04 10:05:30 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/01/14 15:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- d:\ThreatFire\TFService.exe -- (ThreatFire)

SRV - [2005/01/27 19:16:58 | 000,856,064 | ---- | M] (Nero AG) [Auto | Running] -- d:\Nero\InCD\InCDsrv.exe -- (InCDsrv)

SRV - [2005/01/27 12:16:57 | 000,856,064 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)

SRV - [2004/01/21 09:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\USA19H2kp.SYS -- (USA19H2KP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\USA19H2k.sys -- (USA19H)

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/11/04 10:05:42 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/07/12 03:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/01/14 15:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)

DRV - [2010/01/14 15:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)

DRV - [2010/01/14 15:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)

DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2005/09/17 19:32:00 | 003,493,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2005/09/14 23:56:48 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2005/08/11 00:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2005/07/29 04:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2005/07/29 04:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2005/06/05 20:44:05 | 000,091,841 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0630Vid.sys -- (P0630VID)

DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/01/27 19:08:02 | 000,099,200 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2005/01/27 19:07:34 | 000,028,928 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)

DRV - [2005/01/27 12:07:28 | 000,027,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2001/08/23 00:33:12 | 000,010,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)

DRV - [1999/08/12 06:59:08 | 000,034,916 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-823518204-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1935655697-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.myway.com/index.jsp?speedbarconfigchanged"

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1

FF - prefs.js..extensions.enabledItems: rapportive@rapportive.com:1.1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/19 06:50:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 12:43:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 12:43:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/28 12:31:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/10/05 19:05:16 | 000,000,000 | ---D | M]

[2010/09/03 10:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions

[2010/09/03 10:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/11/16 09:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions

[2010/04/29 07:01:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/11 15:41:50 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

[2009/03/29 14:52:41 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}

[2010/07/14 22:16:21 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

[2010/04/12 05:54:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/11/11 15:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\bk72ab9i.default\extensions\rapportive@rapportive.com

[2010/11/16 09:21:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/25 07:03:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/07/28 09:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/11/15 18:20:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2007/06/21 17:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll

[2007/06/21 17:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll

[2007/06/21 17:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2007/06/21 17:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll

[2007/06/21 17:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/06/29 18:08:17 | 000,408,644 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: HP9ACE1E HP001A4B9ACE1E

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 14132 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-823518204-1935655697-839522115-1004\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-823518204-1935655697-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 7.0] D:\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()

O4 - HKLM..\Run: [inCD] d:\Nero\InCD\InCD.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PD0630 STISvc] C:\WINDOWS\System32\P0630Pin.dll (Creative Technology Ltd.)

O4 - HKLM..\Run: [POINTER] File not found

O4 - HKLM..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [ThreatFire] d:\ThreatFire\TFTray.exe (PC Tools)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-823518204-1935655697-839522115-1004..\Run: [NBJ] D:\Nero\Nero BackItUp\NBJ.exe (Ahead Software AG)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] d:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CleanXP.cmd ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = D:\MozyHome\mozystat.exe (Mozy, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey1.exe (Fred's Software Company)

O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Bob\Application Data\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Convert link target to Adobe PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to existing PDF - D:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://win7pro.vlabcenter.com/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1249490225578 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.26 213.109.77.22 1.1.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/29 12:14:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{18d46c67-ee50-11de-a2f1-0015f2040afa}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found

O33 - MountPoints2\{201bc9ac-e040-11df-a3b5-0015f2040afa}\Shell - "" = AutoRun

O33 - MountPoints2\{201bc9ac-e040-11df-a3b5-0015f2040afa}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{201bc9ac-e040-11df-a3b5-0015f2040afa}\Shell\AutoRun\command - "" = G:\EasySuite .exe -- File not found

O33 - MountPoints2\{7bf82d7e-c516-11df-a391-0015f2040afa}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{7bf82d7e-c516-11df-a391-0015f2040afa}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{80797632-ab07-11df-a372-0015f2040afa}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{80797632-ab07-11df-a372-0015f2040afa}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/16 11:28:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/16 11:28:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/16 06:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\recent

[2010/11/14 19:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Application Data\Malwarebytes

[2010/11/14 14:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle

[2010/11/03 21:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/03/25 18:56:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bob\Application Data\pcouffin.sys

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 12:39:03 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\HP WEP.job

[2010/11/16 11:28:18 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 11:27:27 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1935655697-839522115-1004.job

[2010/11/16 11:27:26 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1935655697-839522115-1004.job

[2010/11/16 06:27:42 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/11/16 06:27:40 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly).job

[2010/11/16 06:26:53 | 000,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/16 06:26:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/16 06:25:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/16 06:25:49 | 2616,578,048 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/15 11:17:18 | 000,000,795 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI

[2010/11/15 11:06:09 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/15 06:20:36 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/11/13 23:39:58 | 000,544,398 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\cc_20101113_233928.reg

[2010/11/13 18:00:38 | 000,008,046 | ---- | M] () -- C:\WINDOWS\mozy.blk

[2010/11/13 18:00:38 | 000,001,266 | ---- | M] () -- C:\WINDOWS\mozy.flt

[2010/11/12 18:07:17 | 000,000,466 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk

[2010/11/11 18:55:45 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\Deficits.doc

[2010/11/11 16:25:32 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/11/08 21:52:53 | 000,650,557 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\esl.pdf

[2010/11/07 12:17:01 | 000,056,320 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\My Card.doc

[2010/11/07 11:27:14 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/07 11:27:14 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/04 10:05:46 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2010/10/25 11:12:55 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\wklnhst.dat

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/16 11:28:18 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/16 06:37:02 | 000,000,312 | ---- | C] () -- C:\WINDOWS\tasks\HP WEP.job

[2010/11/15 10:52:25 | 2616,578,048 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/13 23:39:33 | 000,544,398 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\cc_20101113_233928.reg

[2010/11/11 18:54:55 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\Deficits.doc

[2010/11/08 21:52:53 | 000,650,557 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\esl.pdf

[2010/11/03 21:21:58 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2010/10/24 19:33:06 | 000,000,482 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Scan (Weekly).job

[2010/10/05 12:56:29 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2010/10/04 22:28:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\housecall.guid.cache

[2010/03/25 18:56:39 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.log

[2010/03/25 18:56:35 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\inst.exe

[2010/03/25 18:56:35 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.cat

[2010/03/25 18:56:35 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.inf

[2010/02/04 13:39:29 | 000,003,257 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\TNGen.ini

[2009/11/16 11:13:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2009/08/27 18:43:32 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\wklnhst.dat

[2009/04/20 15:09:53 | 000,000,413 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009/04/20 13:46:59 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2009/04/02 13:31:01 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/04/02 13:30:59 | 000,057,856 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/03/31 09:58:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\fusioncache.dat

[2009/03/31 09:50:58 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009/03/31 09:43:06 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2009/03/31 09:36:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll

[2009/03/31 09:36:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2009/03/31 09:34:09 | 000,000,736 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2009/03/30 17:08:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini

[2009/03/30 16:15:10 | 000,000,795 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2009/03/30 16:15:08 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2009/03/29 18:16:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/03/29 12:34:42 | 000,000,265 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini

[2009/03/29 12:34:20 | 000,020,906 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/03/29 12:34:18 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/03/29 12:34:14 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2009/03/29 07:05:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2007/07/26 11:01:50 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll

[2005/09/17 19:32:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2005/09/17 19:32:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2005/09/17 19:32:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2005/09/17 19:32:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2005/09/17 19:32:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2005/09/17 19:32:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2005/09/17 19:32:00 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2003/12/17 06:16:00 | 000,005,630 | ---- | C] () -- C:\WINDOWS\UN021217.INI

[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/05/09 20:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/04/20 13:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS

[2010/11/03 21:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2009/04/20 13:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System

[2010/05/28 15:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/12/04 23:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010/08/16 09:50:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}

[2009/04/14 18:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Citrix

[2010/11/16 06:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Dropbox

[2009/05/07 10:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\GARMIN

[2009/04/14 18:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\ICAClient

[2009/04/12 15:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\JAlbum

[2010/03/12 13:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Jalbum AB

[2010/02/12 14:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Leadertech

[2010/11/14 09:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\RipIt4Me

[2010/01/08 16:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\SystemRequirementsLab

[2010/09/03 10:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Thunderbird

[2010/09/20 23:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\YouSendIt

[2010/11/16 06:27:40 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Scan (Weekly).job

[2010/11/16 06:27:42 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11/16/2010 12:49:42 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = D:\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free

4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 19.53 Gb Total Space | 7.12 Gb Free Space | 36.43% Space Free | Partition Type: NTFS

Drive D: | 54.99 Gb Total Space | 51.80 Gb Free Space | 94.19% Space Free | Partition Type: NTFS

Computer Name: ROBERT | User Name: Bob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"58972:TCP" = 58972:TCP:*:Enabled:Pando

"58972:UDP" = 58972:UDP:*:Enabled:Pando

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"D:\Fetchit\WS_FTP95.EXE" = D:\Fetchit\WS_FTP95.EXE:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)

"C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)

"D:\Yahoo!\Messenger\YahooMessenger.exe" = D:\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"E:\setup\HPZNET01.EXE" = E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe -- File not found

"E:\setup\HPONICIFS01.EXE" = E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"D:\Pando\Pando.exe" = D:\Pando\Pando.exe:*:Enabled:Pando -- (Pando Networks)

"C:\Documents and Settings\Bob\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Bob\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01BDFB08-EE88-4E5E-94A6-AE9EDCFA40C5}" = Microsoft IntelliPoint 4.0

"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking

"{04D4EF05-70EC-445C-981A-06449B0E426E}" = Jalbum

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 22

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply

"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore

"{7B63B2922B174135AFC0E1377DD81EC2}" =

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{876A4C7A-412A-40b8-9DCF-B04D2339B73E}" = c7100_Help

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc

"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7B279F4-E9B0-470F-A6A0-54C31C340DBC}" = C7100

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-1033-0000-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client

"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer

"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire

"ActiveTouchMeetingClient" = WebEx

"Ad-Aware" = Ad-Aware

"Adobe Acrobat 7.0 Standard - V" = Adobe Acrobat 7.1.0 Standard

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast5" = avast! Free Antivirus

"Creative PD0630" = Creative WebCam Live! Driver (1.02.03.0606)

"Creative WebCam Center" = Creative WebCam Center

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)

"FireTune" = FireTune

"Get Yahoo! Messenger" = Get Yahoo! Messenger

"HP Document Viewer" = HP Document Viewer 7.0

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP LaserJet P1500 series" = HP LaserJet P1500 series

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPOCR" = OCR Software by I.R.I.S 7.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0

"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express

"jZip" = jZip

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)

"MyJongg II" = MyJongg II

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"Quicken Basic 2000" = Quicken Basic 2000

"RealPlayer 12.0" = RealPlayer

"SightSpeed" = SightSpeed

"SystemRequirementsLab" = System Requirements Lab

"TNGen_is1" = TNGen 0.9.6

"Veetle TV" = Veetle TV 0.9.18

"WebCam Live! Product Registration" = WebCam Live! Product Registration

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1935655697-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 11/11/2009 3:24:05 PM | Computer Name = ROBERT | Source = avast! | ID = 33554522

Description =

Error - 3/14/2010 1:47:52 PM | Computer Name = ROBERT | Source = avast! | ID = 33554522

Description =

Error - 3/14/2010 10:59:56 PM | Computer Name = ROBERT | Source = avast! | ID = 33554522

Description =

[ Application Events ]

Error - 10/3/2010 12:02:30 AM | Computer Name = ROBERT | Source = Application Hang | ID = 1002

Description = Hanging application POWERPNT.EXE, version 11.0.8324.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/4/2010 6:55:29 AM | Computer Name = ROBERT | Source = Application Error | ID = 1000

Description = Faulting application flashutil10h_plugin.exe, version 10.1.53.64,

faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 10/6/2010 3:39:05 PM | Computer Name = ROBERT | Source = Application Hang | ID = 1002

Description = Hanging application hpqste08.exe, version 70.0.170.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2010 3:41:48 PM | Computer Name = ROBERT | Source = Application Hang | ID = 1002

Description = Hanging application hpqste08.exe, version 70.0.170.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2010 6:02:01 PM | Computer Name = ROBERT | Source = VSS | ID = 8193

Description = Volume Shadow Copy Service error: Unexpected error calling routine

CoCreateInstance. hr = 0x8007041d.

Error - 10/24/2010 11:16:12 PM | Computer Name = ROBERT | Source = Application Error | ID = 1000

Description = Faulting application yahoomessenger.exe, version 10.0.0.1270, faulting

module msvcp80.dll, version 8.0.50727.4053, fault address 0x0000a4f7.

Error - 10/25/2010 7:07:10 PM | Computer Name = ROBERT | Source = Application Error | ID = 1000

Description = Faulting application incd.exe, version 4.3.12.0, faulting module incd.exe,

version 4.3.12.0, fault address 0x0001458b.

Error - 11/9/2010 3:32:53 PM | Computer Name = ROBERT | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2010 11:08:16 AM | Computer Name = ROBERT | Source = Application Hang | ID = 1002

Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/10/2010 3:22:30 PM | Computer Name = ROBERT | Source = Application Hang | ID = 1002

Description = Hanging application PowerDVD.exe, version 5.0.0.1107, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 11/15/2010 11:38:43 AM | Computer Name = ROBERT | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 AmdK8 aswSP aswTdi Fips mozyFilter SASDIFSV SASKUTIL TfFsMon TfSysMon

Error - 11/15/2010 11:42:11 AM | Computer Name = ROBERT | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/15/2010 11:43:45 AM | Computer Name = ROBERT | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/15/2010 11:44:47 AM | Computer Name = ROBERT | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Aavmker4 AmdK8 aswSP aswTdi Fips mozyFilter SASDIFSV SASKUTIL TfFsMon TfSysMon

Error - 11/15/2010 11:44:55 AM | Computer Name = ROBERT | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/15/2010 11:51:01 AM | Computer Name = ROBERT | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/15/2010 11:51:36 AM | Computer Name = ROBERT | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/15/2010 11:53:07 AM | Computer Name = ROBERT | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SASDIFSV SASKUTIL

Error - 11/15/2010 7:20:22 PM | Computer Name = ROBERT | Source = Service Control Manager | ID = 7034

Description = The Java Quick Starter service terminated unexpectedly. It has done

this 1 time(s).

Error - 11/16/2010 7:26:24 AM | Computer Name = ROBERT | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SASDIFSV SASKUTIL

< End of report >

Let's see if we can fix this. :D

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[Screenshot: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Screenshot: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This is frustrating! I've downloaded ComboFix from both links and can't install either one.

The file from Bleepingcomputer gives me the error message:

"You appear to have a corrupt download. Please download a fresh copy of ComboFix.exe"

The file from Forospyware gives me this error message:

"Some files could not be created. Please close all applications, reboot Windows, and restart this installation"

At that point, the only way I can close ComboFix is with a reboot.

Can you boot into safe mode with networking and try it from there? If not, try to download it on a clean computer using a flash drive.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
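The note above explains the trick Flash_Disinfector relies on: a directory named autorun.inf occupying the root of a drive means a malicious autorun.inf file cannot be created there. The following Python is an added example written for this thread, not Flash_Disinfector's code and not posted by anyone in the discussion. It classifies what sits at a root (nothing, the protective placeholder directory, or a real autorun.inf file), reads the [autorun] keys that would cause something to run on insertion, and creates the placeholder when the root is empty. Function names, the EXEC_KEYS list and the sample autorun.inf content are assumptions; the demo runs only against temporary directories, never a real drive.

```python
import tempfile
from pathlib import Path

AUTORUN = "autorun.inf"
# Assumed list of [autorun] keys whose value names something Windows would
# open or execute when the drive is inserted.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")


def classify_autorun(root):
    """Classify what sits at <root>/autorun.inf.

    'missing'     - nothing there; a malicious autorun.inf could still be dropped
    'placeholder' - a directory of that name; a file cannot be created beside it
    'file'        - a real autorun.inf; inspect it with parse_autorun()
    """
    p = Path(root) / AUTORUN
    if not p.exists():
        return "missing"
    return "placeholder" if p.is_dir() else "file"


def parse_autorun(path):
    """Return the key/value pairs of the [autorun] section with keys lower-cased.

    Hand-rolled instead of configparser because autorun.inf section and key
    names are case-insensitive and real files are often sloppy about it.
    """
    entries = {}
    in_section = False
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith((";", "#")):
                continue
            if line.startswith("[") and line.endswith("]"):
                in_section = line[1:-1].strip().lower() == "autorun"
                continue
            if in_section and "=" in line:
                key, _, value = line.partition("=")
                entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Subset of parsed entries that would cause something to run on insertion."""
    return {k: v for k, v in entries.items() if k in EXEC_KEYS}


def protect_root(root):
    """Create the placeholder directory if the root is empty; return the state.

    An existing file is deliberately left alone so a human can inspect it first.
    """
    state = classify_autorun(root)
    if state == "missing":
        (Path(root) / AUTORUN).mkdir()
        return "placeholder"
    return state


def run_demo():
    """Exercise both paths against constructed temporary roots (not real drives)."""
    results = {}
    # Scenario 1: a root carrying a constructed autorun.inf file with mixed-case keys.
    with tempfile.TemporaryDirectory() as root:
        sample = "[AutoRun]\nicon=setup.ico\nOPEN=launcher.exe\nshellexecute=launcher.exe /s\n"
        (Path(root) / AUTORUN).write_text(sample)
        results["file_state"] = classify_autorun(root)
        results["file_targets"] = launch_targets(parse_autorun(Path(root) / AUTORUN))
        results["file_after_protect"] = protect_root(root)  # stays 'file'
    # Scenario 2: an empty root that gets the placeholder directory.
    with tempfile.TemporaryDirectory() as root:
        results["empty_state"] = classify_autorun(root)
        results["empty_after_protect"] = protect_root(root)
        results["empty_recheck"] = classify_autorun(root)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Running the block prints the two scenarios: the constructed file is reported as "file" with its open and shellexecute targets, and the empty root ends up as "placeholder". On a real machine you would pass each removable drive's root to classify_autorun() and look at launch_targets() before deciding what to do with a file that is present.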

I attempted to run ComboFix from Safe Mode. It starts and gives me a message that Avast and AdAware are running and need to be shut down. Neither program appears on the Task Bar. I assume that they are running as either processes or services. I have no idea what they would be named in either instance. I suspect that ComboFix will run in Safe Mode if I can stop the other programs. I'd like to try that before downloading Flash Disinfector.

This is the log from ComboFix. I did have to run it in Safe Mode.

ComboFix 10-11-16.06 - Administrator 11/17/2010 12:00:51.1.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2495.2149 [GMT -5:00]

Running from: d:\downloads\Computer issue\ComboFix.exe

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Bob\Application Data\inst.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))

.

2010-11-16 16:28 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-16 16:28 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-15 11:15 . 2010-11-17 11:26 -------- d-----w- c:\documents and settings\Administrator

2010-11-15 00:32 . 2010-11-15 00:32 -------- d-----w- c:\documents and settings\Bob\Application Data\Malwarebytes

2010-11-14 19:31 . 2010-11-14 19:31 -------- d-----w- c:\program files\Veetle

2010-11-04 02:21 . 2010-11-15 11:20 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-11-04 02:21 . 2010-11-04 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-08 21:06 . 2010-01-28 03:32 54776 ----a-w- c:\windows\system32\drivers\mozy.sys

2010-11-04 15:05 . 2010-02-15 15:54 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-23 20:52 . 2010-09-23 20:52 922112 ------w- c:\windows\system32\imapi2fs.dll

2010-09-23 20:52 . 2010-09-23 20:52 426496 ------w- c:\windows\system32\imapi2.dll

2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 09:50 . 2010-04-25 12:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 07:29 . 2010-04-04 12:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-07 15:12 . 2010-06-30 01:13 38848 ----a-w- c:\windows\avastSS.scr

2010-09-07 15:11 . 2009-04-01 13:48 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-07 14:52 . 2009-04-01 13:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-07 14:52 . 2009-04-01 13:48 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-07 14:47 . 2009-04-01 13:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-07 14:47 . 2009-04-01 13:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-09-07 14:47 . 2009-04-01 13:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-09-07 14:47 . 2009-04-01 13:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-07 14:46 . 2009-04-01 13:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-09-01 11:51 . 2004-08-04 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2004-08-04 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2004-08-04 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2004-08-04 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-04-21 02:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2004-08-04 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 3424056 ----a-w- d:\mozyhome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 3424056 ----a-w- d:\mozyhome\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

"nwiz"="nwiz.exe" [2005-09-18 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"Acrobat Assistant 7.0"="d:\acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]

"RemoteControl"="d:\cyberlink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="d:\nero\InCD\InCD.exe" [2005-01-27 1381376]

"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"ThreatFire"="d:\threatfire\TFTray.exe" [2010-01-14 378128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-30 209016]

CleanXP.cmd [2009-11-15 839]

MozyHome Status.lnk - d:\mozyhome\mozystat.exe [2010-11-8 3571512]

Printkey1.exe [2006-3-18 589824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Fetchit\\WS_FTP95.EXE"=

"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

"d:\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Pando\\Pando.exe"=

"c:\\Documents and Settings\\Bob\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"58972:TCP"= 58972:TCP:Pando

"58972:UDP"= 58972:UDP:Pando

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/15/2010 10:54 AM 64288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1375992]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [10/4/2010 9:13 PM 51984]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [10/4/2010 9:13 PM 59664]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/1/2009 8:48 AM 165584]

S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]

S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys --> c:\docume~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys [?]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/1/2009 8:48 AM 17744]

S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [3/30/2009 4:15 PM 34916]

S2 ThreatFire;ThreatFire;d:\threatfire\TFService.exe service --> d:\threatfire\TFService.exe service [?]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/16/2010 9:56 AM 15264]

S3 Normandy;Normandy SR2; [x]

S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [3/30/2009 9:08 AM 91841]

S3 SASENUM;SASENUM;\??\c:\docume~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS --> c:\docume~1\Bob\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS [?]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [10/4/2010 9:13 PM 33552]

S3 USA19H;USA19H;c:\windows\system32\DRIVERS\USA19H2k.sys --> c:\windows\system32\DRIVERS\USA19H2k.sys [?]

S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\DRIVERS\USA19H2kp.SYS --> c:\windows\system32\DRIVERS\USA19H2kp.SYS [?]

.

Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\windows\Tasks\Ad-Aware Scan (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:05]

2010-11-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:05]

2010-11-17 c:\windows\Tasks\HP WEP.job

- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:28]

2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1935655697-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-823518204-1935655697-839522115-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1935655697-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-11-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-1935655697-839522115-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

.

.

------- Supplementary Scan -------

.

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\triuaih3.default\

FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\Bob\Application Data\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: c:\program files\Veetle\Player\npvlc.dll

FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: d:\acrobat 7.0\Acrobat\browser\nppdf32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

HKLM-Run-POINTER - point32.exe

AddRemove-HitmanPro35 - d:\downloads\HitmanPro35.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-17 12:03

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1935655697-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,cd,c8,c6,9e,5a,de,49,87,5d,47,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,cd,c8,c6,9e,5a,de,49,87,5d,47,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2010-11-17 12:04:21

ComboFix-quarantined-files.txt 2010-11-17 17:04

Pre-Run: 10,369,167,360 bytes free

Post-Run: 10,421,354,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CD616F585711CA793B23CD49BEE0A652

Okay, fingers crossed! :)

The problem appears to have been resolved by replacing the router. This is the 2nd day with no redirects. One issue that has cropped up ... now my Avast anti-virus is no longer showing in the task bar. I don't know if it is still working.

Can you verify if it is still installed (look in the Programs menu)? If it is not there or will not run, try to uninstall it from Add/Remove programs and reinstall.

You may also want to check if it is not hidden in the tray (right-click in the Taskbar, select Properties and uncheck "hide inactive icons").

Apparently it's the user interface that isn't visible. I haven't seen any popups saying that the database has been updated but when I manually open the user interface it does indicate that Avast is updating. I assume that indicates that Avast is working. Guess the next step is to re-install or repair.

Hi, to be on the safe side, I'd say, try uninstalling/reinstalling it.

Please launch MBAM, update it and run a full scan. Post me the resulting log. Do you have any problem left?

I ran the repair option and the Avast user interface is now visible. There doesn't appear to be any other issues.

This is the latest log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5194

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/26/2010 2:12:39 PM

mbam-log-2010-11-26 (14-12-39).txt

Scan type: Quick scan

Objects scanned: 152370

Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I'm glad to hear everything is okay now. Let's do one last scan for leftovers.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png

I think you are right. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete Rootkit Unhooker and OTL.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
