From my searches I believe I have the Google redirect virus. It has now spread to my iPad too. Please help.

Nothing I have found seems to work.

I ran Malwarebytes and it didn't help.

I followed the instructions.

I ran the Defogger disable, and it seemed to work.

I got the finished prompt, but it never asked me to restart.

I restarted manually.

When I run the DDS it just stops at the same point and the log file report never pops open. Then it usually freezes my comp.

This is where I am stuck. Please help.

:)

Please don't attach the scan results for these; use Copy/Paste.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Next:

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run. Once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

  • Copy and paste the log in your next reply.
  • A copy of the log will be saved automatically to the root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

2011/02/11 12:27:04.0896 2516 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20

2011/02/11 12:27:05.0147 2516 ================================================================================

2011/02/11 12:27:05.0147 2516 SystemInfo:

2011/02/11 12:27:05.0147 2516

2011/02/11 12:27:05.0147 2516 OS Version: 5.1.2600 ServicePack: 2.0

2011/02/11 12:27:05.0147 2516 Product type: Workstation

2011/02/11 12:27:05.0147 2516 ComputerName: LAPTOP

2011/02/11 12:27:05.0147 2516 UserName: Diane

2011/02/11 12:27:05.0147 2516 Windows directory: C:\WINDOWS

2011/02/11 12:27:05.0147 2516 System windows directory: C:\WINDOWS

2011/02/11 12:27:05.0147 2516 Processor architecture: Intel x86

2011/02/11 12:27:05.0147 2516 Number of processors: 1

2011/02/11 12:27:05.0147 2516 Page size: 0x1000

2011/02/11 12:27:05.0147 2516 Boot type: Normal boot

2011/02/11 12:27:05.0147 2516 ================================================================================

2011/02/11 12:27:05.0407 2516 Initialize success

2011/02/11 12:27:08.0783 3068 ================================================================================

2011/02/11 12:27:08.0783 3068 Scan started

2011/02/11 12:27:08.0783 3068 Mode: Manual;

2011/02/11 12:27:08.0783 3068 ================================================================================

2011/02/11 12:27:13.0802 3068 agp440 (1ab3ef842cb8cfe0da5e6043d98440b2) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/02/11 12:27:13.0812 3068 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 1ab3ef842cb8cfe0da5e6043d98440b2, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb

2011/02/11 12:27:13.0842 3068 agp440 - detected Rootkit.Win32.TDSS.tdl3 (0)

2011/02/11 12:27:44.0757 3068 ================================================================================

2011/02/11 12:27:44.0757 3068 Scan finished

2011/02/11 12:27:44.0757 3068 ================================================================================

2011/02/11 12:27:44.0797 1440 Detected object count: 1

2011/02/11 12:28:07.0037 1440 agp440 (1ab3ef842cb8cfe0da5e6043d98440b2) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/02/11 12:28:07.0037 1440 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\agp440.sys. Real md5: 1ab3ef842cb8cfe0da5e6043d98440b2, Fake md5: 2c428fa0c3e3a01ed93c9b2a27d8d4bb

2011/02/11 12:28:17.0386 1440 Backup copy found, using it..

2011/02/11 12:28:17.0396 1440 C:\WINDOWS\system32\DRIVERS\agp440.sys - will be cured after reboot

2011/02/11 12:28:17.0396 1440 Rootkit.Win32.TDSS.tdl3(agp440) - User select action: Cure

2011/02/11 12:28:21.0864 2396 Deinitialize success

Link to post
Share on other sites
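Added example (not part of the original thread and not the tool's own code): a Python parser for the TDSSKiller log format shown in the post above, pairing each detection with its forged-file hashes, the action selected and whether the cure is still waiting on a reboot. The sample log is constructed in that format; `exampledrv`, `gooddrv`, the repeated-letter MD5 values and the status names returned by `triage` are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Every line starts "YYYY/MM/DD HH:MM:SS.ffff <thread-id> <message>".
PREFIX = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ +\d+ ?(.*)$")
SCANNED = re.compile(r"^(\S.*?) \(([0-9a-f]{32})\) (\S.*)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+?)\. "
                    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S.*?) - detected (\S+) \(\d+\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
ACTION = re.compile(r"^\S+?\((.+)\) - User select action: (\w+)$")


@dataclass
class Finding:
    service: str
    verdict: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""            # what the user selected, e.g. Cure or Skip
    pending_reboot: bool = False


def parse_tdsskiller_log(text):
    """Return ({service: Finding}, declared detected-object count or None)."""
    paths, forged, findings, pending = {}, {}, {}, set()
    declared = None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if (s := SCANNED.match(msg)):
            paths[s.group(1)] = s.group(3)
        elif (f := FORGED.match(msg)):
            forged[f.group(1).lower()] = (f.group(2), f.group(3))
        elif (d := DETECTED.match(msg)):
            findings.setdefault(d.group(1), Finding(d.group(1), d.group(2)))
        elif (c := COUNT.match(msg)):
            declared = int(c.group(1))
        elif (p := PENDING.match(msg)):
            pending.add(p.group(1).lower())
        elif (a := ACTION.match(msg)):
            if a.group(1) in findings:
                findings[a.group(1)].action = a.group(2)
    # Link each detection to its driver path, hashes and reboot state.
    # Windows paths are compared case-insensitively.
    for item in findings.values():
        item.path = paths.get(item.service, "")
        item.real_md5, item.fake_md5 = forged.get(item.path.lower(), ("", ""))
        item.pending_reboot = item.path.lower() in pending
    return findings, declared


def triage(findings, declared):
    """Map each detection to a follow-up status (names are this example's)."""
    status = {}
    for svc, item in findings.items():
        if item.action == "Cure":
            # A cure that waits for a reboot is not finished yet; either way
            # a second scan is what confirms the driver is clean.
            status[svc] = "reboot-then-rescan" if item.pending_reboot else "rescan"
        elif item.action in ("", "Skip"):
            status[svc] = "unresolved"
        else:
            status[svc] = "review"
    if declared is not None and declared != len(findings):
        status["_log"] = "count-mismatch"   # log truncated or lines missing
    return status


# Constructed sample in the format of the log above (placeholder names/hashes).
SAMPLE = r"""
2011/02/11 12:27:08.0783 3068 Scan started
2011/02/11 12:27:12.0490 3068 gooddrv (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
2011/02/11 12:27:13.0802 3068 exampledrv (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2011/02/11 12:27:13.0812 3068 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. Real md5: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb, Fake md5: cccccccccccccccccccccccccccccccc
2011/02/11 12:27:13.0842 3068 exampledrv - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/11 12:27:44.0757 3068 Scan finished
2011/02/11 12:27:44.0797 1440 Detected object count: 1
2011/02/11 12:28:17.0396 1440 C:\WINDOWS\system32\DRIVERS\exampledrv.sys - will be cured after reboot
2011/02/11 12:28:17.0396 1440 Rootkit.Win32.TDSS.tdl3(exampledrv) - User select action: Cure
"""

if __name__ == "__main__":
    found, count = parse_tdsskiller_log(SAMPLE)
    print(found, triage(found, count))
```

A `reboot-then-rescan` status corresponds to the advice in the next reply to run TDSSKiller again after the cure.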

Please run TDSSKiller again to make sure the RootKit is gone.

If nothing is found, do the next step.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5742

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

2/11/2011 3:57:24 PM

mbam-log-2011-02-11 (15-57-24).txt

Scan type: Full scan (C:\|)

Objects scanned: 250230

Time elapsed: 1 hour(s), 45 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

You might want to print these instructions out.

I suggest you do this:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Firefox (Windows)

1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.

Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    REM Remove any proxy server and bypass list set for the current user
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    REM Turn the proxy off and clear the offline-mode flag
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    REM Reset the TCP/IP stack (logging to resetlog.txt) and the Winsock catalog
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog


  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to right-click the file and choose Run as administrator to run it. With User Account Control on, it should ask permission to run it. Click Yes.
  • This will flash a black DOS box very quickly and go away; this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates

Link to post
Share on other sites
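Added example (not part of the original thread): before the batch file above wipes the values, the proxy settings can be captured and checked offline. This Python sketch reads text saved from `reg query` on the same Internet Settings key and a copy of Firefox's prefs.js, and reports any proxy that is in effect. The sample inputs are constructed, the finding labels are this example's own, and `AutoConfigURL` is an extra value checked here that the batch file does not touch.

```python
import re

# "reg query" prints each value indented: name, type, data.
REG_VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")
# prefs.js holds one user_pref("name", value); statement per line.
FF_PREF = re.compile(r'^\s*user_pref\("(network\.proxy\.[\w.]+)",\s*(.+?)\);\s*$')


def parse_reg_query(text):
    """Return {value name: data string} from saved 'reg query' output."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line)
        if m:
            values[m.group(1)] = m.group(3).strip()
    return values


def parse_firefox_prefs(text):
    """Return the network.proxy.* preferences found in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = FF_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def audit_ie(values):
    findings = []
    # REG_DWORD data is printed in hex, e.g. 0x1.
    enabled = int(values.get("ProxyEnable", "0x0"), 16) != 0
    server = values.get("ProxyServer")
    if server and enabled:
        findings.append(("ie", "proxy-active", server))
    elif server:
        findings.append(("ie", "proxy-configured-but-disabled", server))
    if values.get("AutoConfigURL"):
        findings.append(("ie", "pac-url", values["AutoConfigURL"]))
    return findings


def audit_firefox(prefs):
    ptype = prefs.get("network.proxy.type")
    if ptype is None:
        return []   # assumption: no entry means the setting was never changed
    ptype = int(ptype)
    if ptype == 1:   # manual proxy configuration
        host = prefs.get("network.proxy.http", "")
        port = prefs.get("network.proxy.http_port", "")
        return [("firefox", "manual", f"{host}:{port}")]
    if ptype == 2:   # automatic proxy configuration URL
        return [("firefox", "pac-url", prefs.get("network.proxy.autoconfig_url", ""))]
    if ptype == 4:   # auto-detect proxy settings for the network
        return [("firefox", "auto-detect", "")]
    if ptype == 5:   # follows the system settings audited by audit_ie
        return [("firefox", "system", "")]
    return []        # 0 = "No proxy", the state the steps above restore


def audit(reg_text, prefs_text):
    return audit_ie(parse_reg_query(reg_text)) + audit_firefox(parse_firefox_prefs(prefs_text))


# Constructed sample inputs showing a proxy set in both browsers.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:8080
    ProxyOverride    REG_SZ    <local>
"""
SAMPLE_PREFS = """
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 1);
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_PREFS):
        print(finding)
```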

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

OTL logfile created on: 2/11/2011 6:24:36 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Diane\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 59.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 26.29 Gb Total Space | 2.21 Gb Free Space | 8.40% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Diane | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Diane\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()

PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()

PRC - C:\WINDOWS\system32\QCONSVC.EXE ()

PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()

PRC - C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\system32\ibmpmsvc.exe ()

PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()

PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Diane\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found

SRV - (HidServ) -- File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)

SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE ()

SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)

DRV - (LinksysFVNETusbl(AR)®) Linksys FVNETusbl(AR)® -- C:\WINDOWS\system32\drivers\vnetusbl.sys (Cisco-Linksys LLC)

DRV - (WLAN) -- C:\WINDOWS\system32\drivers\MA401RB.SYS (NETGEAR Inc.)

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()

DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)

DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)

DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys ()

DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (EGATHDRV) -- C:\WINDOWS\system32\egathdrv.sys ()

DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p="

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc8"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc8"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/08 01:09:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2010/12/08 01:12:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/08 01:12:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 12:21:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/11 12:18:41 | 000,000,000 | ---D | M]

[2010/07/07 21:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Extensions

[2010/07/07 21:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2011/02/10 21:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\g28dagdi.default\extensions

[2011/02/02 20:10:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Diane\Application Data\Mozilla\Firefox\Profiles\g28dagdi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/02/11 17:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/19 16:29:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2001/08/18 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)

O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe (Microsoft Corp.)

O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()

O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (Support.com, Inc.)

O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)

O4 - HKLM..\Run: [uC_SMB] File not found

O4 - Startup: C:\Documents and Settings\Diane\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\Diane\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Diane\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273774175698 (WUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.69.41 213.109.72.20 1.1.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Diane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Diane\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/13 13:02:31 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{9fbd3690-7a13-11df-bcd5-00096bc2679d}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/11 18:17:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.exe

[2011/02/11 14:07:18 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011/02/11 12:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\Desktop\GooredFix Backups

[2011/02/11 12:22:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Diane\Desktop\GooredFix.exe

[2011/02/10 22:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane\Application Data\Malwarebytes

[2011/02/10 21:59:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/02/10 21:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/02/10 21:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/02/10 21:59:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/02/10 21:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/02/10 21:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free

[2011/02/10 20:04:02 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011/02/10 11:08:26 | 001,366,104 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Diane\Desktop\TDSSKiller.exe

[2011/02/07 23:48:18 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/02/07 23:40:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/02/07 23:40:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/02/07 23:40:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/02/07 23:40:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/02/07 23:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/02/07 23:27:46 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/02/02 21:08:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2011/01/19 10:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Aleesoft

[2011/01/19 10:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\Aleesoft

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/11 18:17:40 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Diane\Desktop\OTL.exe

[2011/02/11 18:04:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/02/11 18:04:05 | 1072,746,496 | -HS- | M] () -- C:\hiberfil.sys

[2011/02/11 18:01:32 | 000,000,550 | ---- | M] () -- C:\Documents and Settings\Diane\Desktop\fixme.bat

[2011/02/11 16:50:59 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\BMMTask.job

[2011/02/11 12:58:27 | 004,266,810 | R--- | M] () -- C:\Documents and Settings\Diane\Desktop\ComboFix.exe

[2011/02/11 12:26:49 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Diane\Desktop\TDSSKiller.exe

[2011/02/11 12:24:22 | 000,012,671 | ---- | M] () -- C:\Documents and Settings\Diane\Desktop\GooredFix.odt

[2011/02/11 12:22:01 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Diane\Desktop\GooredFix.exe

[2011/02/11 11:01:19 | 000,624,640 | ---- | M] () -- C:\Documents and Settings\Diane\Desktop\dds.pif

[2011/02/11 00:57:33 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Diane\defogger_reenable

[2011/02/10 21:59:58 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/07 23:48:34 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI

[2011/02/07 23:22:00 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk

[2011/02/07 23:15:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/02/07 23:14:38 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/02/07 22:25:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/02/03 03:02:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/02/02 21:18:39 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Diane\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011/01/19 11:30:03 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Diane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/19 10:54:14 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Diane\Desktop\Aleesoft Free iPad Video Converter.lnk

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/11 18:01:32 | 000,000,550 | ---- | C] () -- C:\Documents and Settings\Diane\Desktop\fixme.bat

[2011/02/11 12:58:14 | 004,266,810 | R--- | C] () -- C:\Documents and Settings\Diane\Desktop\ComboFix.exe

[2011/02/11 12:24:20 | 000,012,671 | ---- | C] () -- C:\Documents and Settings\Diane\Desktop\GooredFix.odt

[2011/02/11 11:01:17 | 000,624,640 | ---- | C] () -- C:\Documents and Settings\Diane\Desktop\dds.pif

[2011/02/11 00:57:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Diane\defogger_reenable

[2011/02/10 21:59:58 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/02/07 23:48:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/02/07 23:48:22 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/02/07 23:40:15 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/02/07 23:40:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/02/07 23:40:15 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/02/07 23:40:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/02/07 23:40:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/02/02 21:18:37 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Diane\Start Menu\Programs\Internet Explorer.lnk

[2011/01/19 10:54:14 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Diane\Desktop\Aleesoft Free iPad Video Converter.lnk

[2010/12/08 00:44:15 | 000,000,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/09/16 22:15:13 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/09/16 22:15:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/09/16 22:09:26 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Diane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/13 15:29:56 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2010/05/13 15:12:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/05/13 12:45:55 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL

[2010/05/13 12:45:55 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll

[2010/05/13 12:45:55 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini

[2010/05/13 12:44:18 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini

[2010/05/13 12:38:55 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/05/13 12:36:32 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll

[2010/05/13 12:36:07 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS

[2010/05/13 12:35:21 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS

[2002/03/07 17:16:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini

[2002/01/10 16:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys

[2001/06/08 17:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini

[1980/01/01 02:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[1980/01/01 02:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[1980/01/01 02:00:00 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys

[1980/01/01 02:00:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

========== LOP Check ==========

[2010/12/03 18:25:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/07/22 22:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2010/12/03 18:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010/07/22 21:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL

[2010/06/11 10:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/09/29 08:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\AnvSoft

[2010/05/14 01:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\enchant

[2010/06/14 23:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\Facebook

[2010/11/09 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\IBM

[2011/02/11 18:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\LimeWire

[2010/08/09 13:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Diane\Application Data\OpenOffice.org

[2011/02/11 16:50:59 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 2/11/2011 6:24:36 PM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Diane\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 603.00 Mb Available Physical Memory | 59.00% Memory free

1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 26.29 Gb Total Space | 2.21 Gb Free Space | 8.40% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Diane | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E484899-4F93-4086-88BA-56BDDF47A776}" = HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7

"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{582BA1F1-FAB4-41AD-A5E3-4A9535343461}" = PS_AIO_07_C310_SW_Min

"{58E65E96-6649-4CBE-9382-35326D694E6F}" = MSN Toolbar Platform

"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2

"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{6AB6455A-7980-4186-ABC4-CADF60EF45D5}" = Winupdate

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update

"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{A147FD6E-32F2-4009-BDC9-8B4E2B1B21EB}" = Microsoft Search Enhancement Pack

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access ThinkPad

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer

"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes

"{FE651900-D014-482F-AEBC-2928F57D1FB0}" = C310

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"AbiWord2" = AbiWord 2.8.4

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems AC'97 Modem

"Any Video Converter_is1" = Any Video Converter 3.0.7

"ATI Display Driver" = ATI Display Driver

"EasyEject Utility" = IBM ThinkPad EasyEject Utility

"EPSON Printer and Utilities" = EPSON Printer Software

"HP Imaging Device Functions" = HP Imaging Device Functions 14.0

"HP Photo Creations" = HP Photo Creations

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0

"HPExtendedCapabilities" = HP Customer Participation Program 14.0

"IBM Access Support" = IBM ThinkPad Access Support

"ie8" = Windows Internet Explorer 8

"LimeWire" = LimeWire 5.6.2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"PC-Doctor" = Uninstall PC-Doctor

"Picasa 3" = Picasa 3

"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features

"Presentation Director" = IBM ThinkPad Presentation Director

"PROSet" = Intel® PRO Ethernet Adapter and Software

"Shop for HP Supplies" = Shop for HP Supplies

"Support.com" = Support.com Software

"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver

"ThinkPad Configuration" = IBM ThinkPad Configuration

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"ThinkPadSoftwareInstaller" = ThinkPad Software Installer

"Veetle TV" = Veetle TV 0.9.17

"Windows XP Service Pack" = Windows XP Service Pack 2

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/11/2011 2:04:09 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1004

Description = Faulting application svchost.exe, version 0.0.0.0, faulting module

unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/11/2011 2:04:50 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 2/11/2011 2:05:54 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1004

Description = Faulting application svchost.exe, version 0.0.0.0, faulting module

unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/11/2011 10:34:22 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application , version 0.0.0.0, faulting module unknown, version

0.0.0.0, fault address 0x00000000.

Error - 2/11/2011 11:37:21 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1004

Description = Faulting application svchost.exe, version 0.0.0.0, faulting module

unknown, version 0.0.0.0, fault address 0x00000000.

Error - 2/11/2011 11:39:23 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 2/11/2011 11:48:13 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 2/11/2011 1:19:04 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x001a624b.

Error - 2/11/2011 1:19:22 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application spoolsv.exe, version 5.1.2600.2180, faulting

module unknown, version 0.0.0.0, fault address 0x001a1fb6.

Error - 2/11/2011 1:55:39 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application pev.exe, version 0.0.0.0, faulting module , version

0.0.0.0, fault address 0x0008d560.

[ System Events ]

Error - 2/11/2011 5:29:39 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:29:43 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:29:48 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:29:52 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:29:57 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:30:01 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:30:06 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:30:10 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:30:14 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 2/11/2011 5:30:19 PM | Computer Name = LAPTOP | Source = Disk | ID = 262151

Description = The device, \Device\Harddisk0\D, has a bad block.

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{1EABDDCB-B788-4FD2-BA76-23472D8DD1D6}" = EPSON Easy Photo Print

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR


Link to post
Share on other sites

I'm not seeing anything bad.

Try turning off the browser addons

Firefox

To empty the cache in Firefox:

1. Click on Tools > Options

2. Click on the Privacy button on the left side of the window

3. Click the "Clear All" button to clear all cached items, or select individual items to clear by clicking on the individual "Clear" buttons (History, Saved Information, Saved Passwords, Download Manager History, Cookies, Cache)

IE

You can open Internet Explorer without add-ons in 2 ways. One way to open is to navigate to Start menu -> All Programs -> Accessories -> System Tools -> Internet Explorer (no Add-ons). This opens up IE without ActiveX controls and browser extensions.
