
Thread: Possible Malware???

  1. #1
    Senior Member
    Join Date: Apr 2008
    Posts: 153

    Possible Malware???

    My computer has been stopping, restarting, and freezing randomly for the past week, and it seems to be doing it more often. I am posting my DDS logs. Can someone help me determine if malware is causing the problem?
    Thank you!

    Here is my attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/5/2006 1:11:29 PM
    System Uptime: 3/4/2011 4:02:48 PM (0 hours ago)
    .
    Motherboard: Hewleet-Packard | | Asterope
    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | CPU 1 | 3065/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 135.65 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.442 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Alien Outbreak 2
    Ancient Sudoku
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    ATI Control Panel
    ATI Display Driver
    Bejeweled 2 Deluxe
    Big Kahuna Reef
    Blackhawk Striker 2
    Blasterball 2 Remix
    Blasterball 2 Revolution
    Bonjour
    Bookworm Deluxe
    Bots of Fun - 10 Great Robots Games!
    Bounce Symphony
    BufferChm
    CameraDrivers
    CameraUserGuides
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 3.1
    Canon MX340 series MP Drivers
    Canon MX340 series User Registration
    Canon Speed Dial Utility
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    Chuzzle Deluxe
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Customer Experience Enhancement
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    Diner Dash
    DING!
    DISCover
    DocProc
    DocumentViewer
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    ERUNT 1.1j
    ESET Online Scanner
    ESET Online Scanner v3
    Exam
    Exam Demo
    Fairies
    Family Feud
    FATE
    Flip Words
    Foxit Reader
    Garmin TOPO U.S. 2008
    GemMaster Mystic
    GIMP 2.4.4
    Golf 2003
    GOM Player
    GSP Sudoku
    H&R Block Deluxe + Efile 2009
    Harry Potter
    Harry Potter and the Prisoner of Azkaban(TM)
    Harry Potter II
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    HP Boot Optimizer
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Viewer 6.1
    HP DVD Play 2.1
    HP Game Console
    HP Imaging Device Functions 7.0
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 6.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Rhapsody
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    HP Web Helper
    hpiCamDrvQFolder
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    Insaniquarium Deluxe
    InstantShareDevices
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Jewel Quest
    LightScribe 1.4.84.1
    Logitech Harmony Remote Software 7
    Mah Jong Quest
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    Mystery Case Files
    NETGEAR Live Parental Controls Management Utility 2.1.3
    OptionalContentQFolder
    Otto
    PanoStandAlone
    Parental Controls Helper Application
    PC-Doctor 5 for Windows
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PhotoGallery
    Poker Superstars
    Polar Bowler
    Polar Golfer
    Pro Media Director Version 1.1.1.1
    PSPrinters08
    PSTAPlugin
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Quicken 2006
    QuickTime
    RandMap
    RealPlayer
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    Ricochet Lost Worlds
    ScannerCopy
    SCRABBLE
    Secunia PSI (2.0.0.2001)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB955936)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB955470)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SkinsHP1
    SlideShow
    SlideShowMusic
    Slingo Deluxe
    Smart On Line
    Snowy The Bears Adventure
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Spybot - Search & Destroy
    Status
    Super Granny
    TaxCut Basic + Efile 2008
    TaxCut Premium 2006
    TaxCut Premium 2007
    Tennis Titans
    The Sims 2
    Toolbox
    Tornado Jockey
    Tradewinds
    TrayApp
    Typing
    Unload
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb957258)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    Vinny Payroll
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/3/2011 7:36:38 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000018, parameter2 00000002, parameter3 00000000, parameter4 f724ba59.
    3/3/2011 5:52:09 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b51a, parameter3 ee12992c, parameter4 00000000.
    2/27/2011 1:57:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c000001d, parameter2 80545088, parameter3 80551344, parameter4 00000000.
    2/27/2011 1:56:18 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Secunia PSI Agent service to connect.
    2/27/2011 1:56:18 PM, error: Service Control Manager [7000] - The Secunia PSI Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    Here is my DDS.txt

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by HP_Administrator at 16:21:51.85 on Fri 03/04/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.65 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: ZoneAlarm Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\windows\system\hpsysdrv.exe
    C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://comcast.net/
    uInternet Settings,ProxyOverride = *.local
    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
    mRun: [DISCover] c:\program files\disc\DISCover.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\r1og734j.default\
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\r1og734j.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2007-10-29 127768]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 MpKsl10046adc;MpKsl10046adc;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl10046adc.sys [2011-3-4 28752]
    R1 MpKsl22624198;MpKsl22624198;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl22624198.sys [2011-3-4 28752]
    R1 MpKsl2bc422e5;MpKsl2bc422e5;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl2bc422e5.sys [2011-3-4 28752]
    R1 MpKsl8d1c4c26;MpKsl8d1c4c26;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl8d1c4c26.sys [2011-3-3 28752]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-10-29 395080]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S1 MpKsl000711e5;MpKsl000711e5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c69331-0296-453e-a9b6-a7b54f8be3d6}\mpksl000711e5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c69331-0296-453e-a9b6-a7b54f8be3d6}\MpKsl000711e5.sys [?]
    S1 MpKsl034dc51e;MpKsl034dc51e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2400397c-cfc8-4a08-be3d-510739a44906}\mpksl034dc51e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2400397c-cfc8-4a08-be3d-510739a44906}\MpKsl034dc51e.sys [?]
    S1 MpKsl0e850547;MpKsl0e850547;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f368ade-1f35-4291-9492-a3444dd3bda6}\mpksl0e850547.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0f368ade-1f35-4291-9492-a3444dd3bda6}\MpKsl0e850547.sys [?]
    S1 MpKsl121130bc;MpKsl121130bc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{388e2cf9-763b-4ccd-9634-74676dc4ed99}\mpksl121130bc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{388e2cf9-763b-4ccd-9634-74676dc4ed99}\MpKsl121130bc.sys [?]
    S1 MpKsl129f6610;MpKsl129f6610;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\mpksl129f6610.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\MpKsl129f6610.sys [?]
    S1 MpKsl350d40ff;MpKsl350d40ff;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\mpksl350d40ff.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\MpKsl350d40ff.sys [?]
    S1 MpKsl391e0b4a;MpKsl391e0b4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{388e2cf9-763b-4ccd-9634-74676dc4ed99}\mpksl391e0b4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{388e2cf9-763b-4ccd-9634-74676dc4ed99}\MpKsl391e0b4a.sys [?]
    S1 MpKsl3d198c7c;MpKsl3d198c7c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\mpksl3d198c7c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\MpKsl3d198c7c.sys [?]
    S1 MpKsl3d87fb7f;MpKsl3d87fb7f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\mpksl3d87fb7f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\MpKsl3d87fb7f.sys [?]
    S1 MpKsl3eb71991;MpKsl3eb71991;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\mpksl3eb71991.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\MpKsl3eb71991.sys [?]
    S1 MpKsl435d1dc3;MpKsl435d1dc3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c69331-0296-453e-a9b6-a7b54f8be3d6}\mpksl435d1dc3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c69331-0296-453e-a9b6-a7b54f8be3d6}\MpKsl435d1dc3.sys [?]
    S1 MpKsl4419c27c;MpKsl4419c27c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\mpksl4419c27c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\MpKsl4419c27c.sys [?]
    S1 MpKsl4b69c89e;MpKsl4b69c89e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\mpksl4b69c89e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\MpKsl4b69c89e.sys [?]
    S1 MpKsl6c284207;MpKsl6c284207;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\mpksl6c284207.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\MpKsl6c284207.sys [?]
    S1 MpKsl729ffc46;MpKsl729ffc46;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\mpksl729ffc46.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\MpKsl729ffc46.sys [?]
    S1 MpKsl8a000349;MpKsl8a000349;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\mpksl8a000349.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\MpKsl8a000349.sys [?]
    S1 MpKsl9c1ca9c6;MpKsl9c1ca9c6;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\mpksl9c1ca9c6.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{681a3aed-9479-4d45-8e7a-fc625e3708b5}\MpKsl9c1ca9c6.sys [?]
    S1 MpKsla3a522d9;MpKsla3a522d9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\mpksla3a522d9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\MpKsla3a522d9.sys [?]
    S1 MpKsla40d5cb3;MpKsla40d5cb3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c5b97c4-f35e-4235-962c-232eb9c0a7c4}\mpksla40d5cb3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c5b97c4-f35e-4235-962c-232eb9c0a7c4}\MpKsla40d5cb3.sys [?]
    S1 MpKsla9ddb931;MpKsla9ddb931;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c69331-0296-453e-a9b6-a7b54f8be3d6}\mpksla9ddb931.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0c69331-0296-453e-a9b6-a7b54f8be3d6}\MpKsla9ddb931.sys [?]
    S1 MpKslae5f485f;MpKslae5f485f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\mpkslae5f485f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\MpKslae5f485f.sys [?]
    S1 MpKslbb425430;MpKslbb425430;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\mpkslbb425430.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\MpKslbb425430.sys [?]
    S1 MpKslc2d6ba4a;MpKslc2d6ba4a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\mpkslc2d6ba4a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6db7dbd6-6178-40ec-a26f-eccd922f0de5}\MpKslc2d6ba4a.sys [?]
    S1 MpKslc9c771a9;MpKslc9c771a9;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c5b97c4-f35e-4235-962c-232eb9c0a7c4}\mpkslc9c771a9.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5c5b97c4-f35e-4235-962c-232eb9c0a7c4}\MpKslc9c771a9.sys [?]
    S1 MpKslcbe1d16d;MpKslcbe1d16d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\mpkslcbe1d16d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\MpKslcbe1d16d.sys [?]
    S1 MpKslce6b3823;MpKslce6b3823;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\mpkslce6b3823.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ae560dab-f19c-4b03-be7a-5dd8cfcb578d}\MpKslce6b3823.sys [?]
    S1 MpKslcea936fc;MpKslcea936fc;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{388e2cf9-763b-4ccd-9634-74676dc4ed99}\mpkslcea936fc.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{388e2cf9-763b-4ccd-9634-74676dc4ed99}\MpKslcea936fc.sys [?]
    S1 MpKsld75bf102;MpKsld75bf102;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72fcc21c-9582-4b2c-9c29-270f85aa444d}\mpksld75bf102.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{72fcc21c-9582-4b2c-9c29-270f85aa444d}\MpKsld75bf102.sys [?]
    S1 MpKslde384813;MpKslde384813;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\mpkslde384813.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4f3a124c-4e9c-4746-9ff5-3cdacf0bada4}\MpKslde384813.sys [?]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-5 988216]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-9 14336]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    .
    =============== Created Last 30 ================
    .
    2011-03-04 22:03:26 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl10046adc.sys
    2011-03-04 21:22:51 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl2bc422e5.sys
    2011-03-04 21:04:43 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl22624198.sys
    2011-03-04 01:44:45 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\MpKsl8d1c4c26.sys
    2011-03-04 01:41:43 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{c8d3edce-01d8-406e-90f6-0547e769c47a}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-02-21 23:37:54 90112 ----a-w- c:\windows\DUMP32b8.tmp
    2010-12-31 00:55:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-31 00:55:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-27 03:25:00 45056 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
    2010-12-27 03:24:57 61440 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
    2010-12-27 03:24:57 44032 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
    2010-12-27 03:24:57 40960 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
    2010-12-27 03:24:57 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
    2010-12-27 03:24:57 32768 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
    2010-12-27 03:24:57 217088 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    2010-12-27 03:24:56 163840 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
    2010-12-27 03:24:55 341048 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
    2005-02-16 17:06:00 218112 ----a-w- c:\program files\HijackThis.exe
    .
    ============= FINISH: 16:24:10.87 ===============
    Last edited by tashi; 2011-03-04 at 23:39. Reason: Merged two posts :-)

  2. #2
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Hello roadrunner23.

    Is this the computer from the following topic?
    http://forums.spybot.info/showthread.php?t=60858

    Please read the following information again carefully.

    IMPORTANT: Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

    To make cleaning this machine easier:

    • Please continue to respond to this thread until I tell you that the logs are clean!
    • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
    • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
    • Please follow all instructions in the order posted.
    • If you have any questions or do not understand instructions, please ask before continuing.
    • Please reply to this thread. Do not start a new topic.
    • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.



    Uninstall Ask Toolbar

    Please uninstall the Ask toolbar. You can read more about it HERE.

    • Click on Start > Run.
    • In the open text box copy/paste appwiz.cpl, then click OK.
    • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall Ask Toolbar.



    MGADiag

    • Please download this tool from Microsoft.
    • Double click on MGADiag.exe to run it.
    • Click Continue.
    • The program will run. It takes a while to finish the diagnosis, please be patient.
    • Once done, click on Copy.
    • Open Notepad and paste the contents in the window.
    • Save this file and copy/paste it in your next reply.



    Security Check

    Please download Security Check ... by screen317. Save it to your desktop.
    Alternate download site: Link
    1. Double click the SecurityCheck.exe icon to begin.
    2. Press the Space Bar when you see the "press any key to continue..." message.
      A Notepad results file will open automatically called checkup.txt
    3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
    4. Please copy/paste the entire contents of the checkup.txt file into your next reply.



    Malwarebytes Anti-Malware (MBAM)

    Have you done a recent scan with MBAM? If so please retrieve the newest log:

    1. Start MBAM... click the Logs tab at the top.
      The log will be named by the date & time of scan in the following format: mbam-log-yyyy-mm-dd (time).txt
    2. Click on the last (most recent) log name to highlight it... then click the Open button, at bottom left. The log should open in Notepad as a text file.
    3. Please copy and paste the entire mbam-log-yyyy-mm-dd (time).txt file in your next reply.
      Be sure to post the complete log... including the top portion showing MBAM's database version and your operating system.
    4. Exit MBAM when done.



    If no recent scan please follow these instructions to do a quick scan:


    Malwarebytes' Anti-Malware:

    • Please start Malwarebytes' Anti Malware (already installed).
    • Click the Update tab and then click the Check for Updates button to perform the update. (This may involve a restart of the program, if so repeat the Update procedure.)
    • When the update is finished, click the Scanner tab, select Perform Quick Scan and then click the Scan button.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Please reply with:
    • My initial question.
    • MGADiag results.
    • SecurityCheck log
    • Mbam log

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    153

    Default

    Hi:

    1. Yes this is the same computer. I have had no problems with it until about a week before my post.

    2. I didn't see the Ask toolbar in the add/remove program list.

    3. MGADiag results (it didn't take more than a couple of minutes to run)

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-9TCCK-JPCBM-B2FQ8
    Windows Product Key Hash: B/IohRcCzV6LJrex8WpCdnxgTvg=
    Windows Product ID: 76487-OEM-2211906-00803
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.med
    ID: {0C69A27F-0305-4335-834B-089003F2B2D0}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{0C69A27F-0305-4335-834B-089003F2B2D0}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B2FQ8</PKey><PID>76487-OEM-2211906-00803</PID><PIDType>2</PIDType><SID>S-1-5-21-203557802-3947339511-2002045300</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>EX269AA-ABA a1514n</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>3.11</Version><SMBIOSVersion major="2" minor="4"/><Date>20060410000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>EA31325F0184C05C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard Company</name><model>HP Pavilion</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>96B276194A3586</Val><Hash>cvQvXiJXaxGrScD+dT/UjHPKDQ8=</Hash><Pid>89388-707-0571044-65448</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 13FEC:GENUINE C&C INC|187C0:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: HP PAVILION

    OEM Activation 2.0 Data-->
    N/A


    4. Security Check log

    Results of screen317's Security Check version 0.99.9
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    ESET Online Scanner
    ZoneAlarm
    Microsoft Security Essentials
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````


    5. MBAM Log
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6006

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/9/2011 6:54:50 PM
    mbam-log-2011-03-09 (18-54-50).txt

    Scan type: Quick scan
    Objects scanned: 264279
    Time elapsed: 25 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Thank you!

  4. #4
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Hi

    Have you shut off system restore on purpose?
    We need to turn it back on:
    • Click Start -> All programs -> Accessories -> System tools -> System restore
    • Remove the check mark by Turn off system restore
    • Click Apply and then OK.




    GMER

    Make sure there's no scheduled scan in Microsoft Security Essentials for the rest of the day before running the scan:
    • Start Microsoft Security Essentials, then click Settings -> Scheduled scan and uncheck Run a scheduled scan... if a scan is about to start, then click Save changes and close the program.


    Please download GMER Rootkit Scanner from Here to the desktop.
    • Double click the .exe file. If asked to allow .sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All << (don't miss this one)

    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in your next reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Note: Do not run any programs while Gmer is running.

    If GMER crashes, then restart your computer and try again, this time also uncheck Devices. You can also try the scan in safe mode if necessary. You might want to save these instructions with notepad or print them because there's no internet in safe mode:

    • Restart your computer
    • During startup, but before the Windows logo appears, tap the F5/F8 key continually or hold down the Shift key;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • When asked to proceed to safe mode, click Yes.
    • Follow the GMER instructions above.
    • When finished reboot the computer.




    When finished, please post the following:
    • The GMER log.
    • Describe any problems while following the instructions (if any).
    Last edited by vict0r; 2011-03-11 at 15:04.

  5. #5
    Senior Member
    Join Date
    Apr 2008
    Posts
    153

    Default

    Here is the GMER log. It ran without any problems.

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-11 22:05:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2500JS-60NCB1 rev.10.02E02
    Running: 7q2bdbdw.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF1B90EB0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF1B8D870]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF1B98720]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF1B91270]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF1B97520]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF1B97750]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF1B9B0B0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF1B91360]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF1B8DEF0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF1B99740]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF1B99380]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF1B97290]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF1B99A80]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF1B8DD40]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF1B96FE0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF1B96E00]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF1B9A1F0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF1B99D70]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF1B90B50]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF1B9A020]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF1B91060]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF1B8E060]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF1B98EF7]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF1B97980]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [70, 12, B9, F1, 20, 75, B9, ...] {JO 0x14; MOV ECX, 0xb97520f1; INT1 ; PUSH EAX; JA 0xffffffffffffffc4; INT1 }
    ? srescan.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Hi

    I need the answer to my question in my previous post:
    Did you shut off system restore on purpose?


    Please look in the System Event log for errors:

    • Click Start, click Run..., type eventvwr.msc and press Enter
    • Event Viewer should open, click System in the left pane, the system events should now be listed to the right.
    • Skip all Information/Warning-entries and look for the error-entries listed below.
    • For each error: double-clicking the error will open the Event Properties window; click the copy icon on the right to copy the log.
    • Please paste the log(s) in your next reply.


    Error-entries:
    3/3/2011 7:36:38 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000018, parameter2 00000002, parameter3 00000000, parameter4 f724ba59.
    3/3/2011 5:52:09 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 8054b51a, parameter3 ee12992c, parameter4 00000000.
    2/27/2011 1:57:00 PM, error: System Error [1003] - Error code 1000008e, parameter1 c000001d, parameter2 80545088, parameter3 80551344, parameter4 00000000.

  7. #7
    Senior Member
    Join Date
    Apr 2008
    Posts
    153

    Default

    I didn't shut off system restore on purpose. I must have forgotten to turn it back on after we worked on the rootkit problem last time.

    Here are the system event logs:

    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date: 3/3/2011
    Time: 7:36:38 PM
    User: N/A
    Computer: GAINES2
    Description:
    Error code 100000d1, parameter1 00000018, parameter2 00000002, parameter3 00000000, parameter4 f724ba59.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 53 79 73 74 65 6d 20 45 System E
    0008: 72 72 6f 72 20 20 45 72 rror Er
    0010: 72 6f 72 20 63 6f 64 65 ror code
    0018: 20 31 30 30 30 30 30 64 100000d
    0020: 31 20 20 50 61 72 61 6d 1 Param
    0028: 65 74 65 72 73 20 30 30 eters 00
    0030: 30 30 30 30 31 38 2c 20 000018,
    0038: 30 30 30 30 30 30 30 32 00000002
    0040: 2c 20 30 30 30 30 30 30 , 000000
    0048: 30 30 2c 20 66 37 32 34 00, f724
    0050: 62 61 35 39 ba59


    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date: 3/3/2011
    Time: 5:52:09 PM
    User: N/A
    Computer: GAINES2
    Description:
    Error code 1000008e, parameter1 c0000005, parameter2 8054b51a, parameter3 ee12992c, parameter4 00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 53 79 73 74 65 6d 20 45 System E
    0008: 72 72 6f 72 20 20 45 72 rror Er
    0010: 72 6f 72 20 63 6f 64 65 ror code
    0018: 20 31 30 30 30 30 30 38 1000008
    0020: 65 20 20 50 61 72 61 6d e Param
    0028: 65 74 65 72 73 20 63 30 eters c0
    0030: 30 30 30 30 30 35 2c 20 000005,
    0038: 38 30 35 34 62 35 31 61 8054b51a
    0040: 2c 20 65 65 31 32 39 39 , ee1299
    0048: 32 63 2c 20 30 30 30 30 2c, 0000
    0050: 30 30 30 30 0000


    Event Type: Error
    Event Source: System Error
    Event Category: (102)
    Event ID: 1003
    Date: 2/27/2011
    Time: 1:57:00 PM
    User: N/A
    Computer: GAINES2
    Description:
    Error code 1000008e, parameter1 c000001d, parameter2 80545088, parameter3 80551344, parameter4 00000000.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 53 79 73 74 65 6d 20 45 System E
    0008: 72 72 6f 72 20 20 45 72 rror Er
    0010: 72 6f 72 20 63 6f 64 65 ror code
    0018: 20 31 30 30 30 30 30 38 1000008
    0020: 65 20 20 50 61 72 61 6d e Param
    0028: 65 74 65 72 73 20 63 30 eters c0
    0030: 30 30 30 30 31 64 2c 20 00001d,
    0038: 38 30 35 34 35 30 38 38 80545088
    0040: 2c 20 38 30 35 35 31 33 , 805513
    0048: 34 34 2c 20 30 30 30 30 44, 0000
    0050: 30 30 30 30 0000

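As an added example that is not part of this thread, the following Python script decodes Event ID 1003 "System Error" records like the three pasted above: it extracts the bugcheck code and its four parameters from the description, maps the code to its documented name (bugcheck and NTSTATUS names are taken from Microsoft's public references), and rebuilds the bytes of the Data: block to confirm the dump agrees with the description. The RECORD_D1 constant is the first record from the post, trimmed to the lines the parser needs.

```python
import re

# Bugcheck codes commonly seen in XP "System Error" Event ID 1003 records (names
# from Microsoft's public bugcheck reference). Event 1003 prints the code with a
# 0x10000000 marker added, e.g. 100000d1 is bugcheck 0xD1.
BUGCHECK_NAMES = {
    0x0A: "IRQL_NOT_LESS_OR_EQUAL",
    0x50: "PAGE_FAULT_IN_NONPAGED_AREA",
    0x7F: "UNEXPECTED_KERNEL_MODE_TRAP",
    0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
    0xD1: "DRIVER_IRQL_NOT_LESS_OR_EQUAL",
}
# NTSTATUS values that appear as parameter1 of bugcheck 0x8E.
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION",
                  0xC000001D: "STATUS_ILLEGAL_INSTRUCTION"}

DESC_RE = re.compile(
    r"Error code ([0-9a-f]{8}), parameter1 ([0-9a-f]{8}), parameter2 ([0-9a-f]{8}), "
    r"parameter3 ([0-9a-f]{8}), parameter4 ([0-9a-f]{8})", re.IGNORECASE)
DATA_LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{4}):\s+(.*)$")
HEX_BYTE_RE = re.compile(r"^[0-9a-fA-F]{2}$")


def decode_data_block(record_text):
    """Rebuild the raw bytes of an Event Viewer 'Data:' hex dump.

    Each dump line is 'OFFSET: up to 8 hex bytes, then an ASCII column'. At most
    8 hex-pair tokens are taken per line, so the ASCII column (which can itself
    look like hex, e.g. '8054b51a' or 'c0') is never consumed as data.
    """
    out = bytearray()
    in_data = False
    for line in record_text.splitlines():
        if line.strip() == "Data:":
            in_data = True
            continue
        if not in_data:
            continue
        m = DATA_LINE_RE.match(line)
        if not m:
            break  # first non-dump line ends the block
        if int(m.group(1), 16) != len(out):
            raise ValueError(f"dump not contiguous at offset {m.group(1)}")
        taken = 0
        for tok in m.group(2).split():
            if taken == 8 or not HEX_BYTE_RE.match(tok):
                break
            out.append(int(tok, 16))
            taken += 1
    return bytes(out)


def parse_event_1003(record_text):
    """Parse one 'System Error' Event ID 1003 record pasted from Event Viewer."""
    m = DESC_RE.search(record_text)
    if not m:
        raise ValueError("no 'Error code ..., parameter1 ...' description found")
    raw_code, *params = (int(x, 16) for x in m.groups())
    code = raw_code & 0x0FFFFFFF  # strip the 0x10000000 marker
    p1, p2, p3, p4 = params
    if code == 0xD1:  # memory referenced, IRQL, 0=read/1=write, faulting address
        detail = (f"driver touched {p1:#010x} at IRQL {p2} "
                  f"({'write' if p3 == 1 else 'read'}), code at {p4:#010x}")
    elif code == 0x8E:  # exception code, faulting address, trap frame, reserved
        status = NTSTATUS_NAMES.get(p1, f"{p1:#010x}")
        detail = f"{status} at {p2:#010x}, trap frame {p3:#010x}"
    else:
        detail = ""
    # The Data: block is only the description re-encoded as ASCII; comparing the
    # two catches a truncated or hand-edited paste before anyone acts on it.
    dump = decode_data_block(record_text).decode("ascii", errors="replace")
    data_matches = (f"{raw_code:08x}" in dump
                    and all(f"{p:08x}" in dump for p in params))
    return {"bugcheck": code, "name": BUGCHECK_NAMES.get(code, "UNKNOWN"),
            "params": params, "detail": detail, "data_matches": data_matches}


# First record from the post above, pasted as-is (headers trimmed).
RECORD_D1 = """\
Event ID: 1003
Description:
Error code 100000d1, parameter1 00000018, parameter2 00000002, parameter3 00000000, parameter4 f724ba59.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 31 30 30 30 30 30 64 100000d
0020: 31 20 20 50 61 72 61 6d 1 Param
0028: 65 74 65 72 73 20 30 30 eters 00
0030: 30 30 30 30 31 38 2c 20 000018,
0038: 30 30 30 30 30 30 30 32 00000002
0040: 2c 20 30 30 30 30 30 30 , 000000
0048: 30 30 2c 20 66 37 32 34 00, f724
0050: 62 61 35 39 ba59
"""
# Second record's description alone (no Data: block), so data_matches is False.
RECORD_8E_NO_DUMP = ("Error code 1000008e, parameter1 c0000005, parameter2 8054b51a, "
                     "parameter3 ee12992c, parameter4 00000000.")
```

Run `parse_event_1003(RECORD_D1)` to get the decoded bugcheck 0xD1 (DRIVER_IRQL_NOT_LESS_OR_EQUAL, a read of address 0x18 at IRQL 2) with `data_matches` True; the dump-less second record decodes to 0x8E with STATUS_ACCESS_VIOLATION but `data_matches` False.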
  8. #8
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Hi.


    Download ComboFix

    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**.

    Please rename ComboFix when you save the file to the desktop. Right-click one of the following links and choose "Save as". Name the file zzz(.exe); do not run the tool yet:

    Link1
    Link2


    Disable Zonealarm Firewall

    Right click on the Zonealarm icon in the System Tray and select Shutdown ZoneAlarm.

    Note: It will start as normal after the computer has been rebooted.


    Disable Microsoft Security Essentials

    • Open Microsoft Security Essentials (MSE) and go to Settings > Real Time Protection.
    • Then uncheck "Turn on real time protection".
    • Close MSE when done.



    Run ComboFix

    Double click the ComboFix icon on the desktop to run the tool and click Yes to the disclaimer.

    Please install the Recovery Console if prompted.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review and make sure MSE is re-enabled after Combofix is finished.

  9. #9
    Senior Member
    Join Date
    Apr 2008
    Posts
    153

    Default

    Here is the Combofix log. I restarted MSE.

    ComboFix 11-03-12.01 - HP_Administrator 03/13/2011 20:12:16.10.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.126 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\zzz.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 15:36 . 2011-03-13 15:36 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C3F09A0-DAD0-404B-881E-EE6F7C940DDC}\MpKsle81958d6.sys
    2011-03-13 00:44 . 2011-03-13 00:44 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C3F09A0-DAD0-404B-881E-EE6F7C940DDC}\MpKslb9601060.sys
    2011-03-13 00:42 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C3F09A0-DAD0-404B-881E-EE6F7C940DDC}\mpengine.dll
    2011-03-11 00:39 . 2011-03-11 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2011-03-10 02:32 . 2011-03-10 02:32 -------- d-----w- c:\program files\2BrightSparks
    2011-02-20 15:49 . 2011-02-20 15:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2011-02-15 20:34 . 2011-02-15 20:34 -------- d-----w- c:\documents and settings\Gaines\.thumbnails
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-21 23:37 . 2009-08-04 23:32 90112 ----a-w- c:\windows\DUMP32b8.tmp
    2011-02-11 06:54 . 2010-12-24 02:43 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2010-12-31 00:55 . 2010-12-31 00:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-31 00:55 . 2010-07-03 23:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-27 03:25 . 2010-12-27 03:24 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2010-12-27 03:24 . 2010-12-27 03:24 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2010-12-27 03:24 . 2010-12-27 03:24 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
    2010-12-27 03:24 . 2010-12-27 03:24 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
    2010-12-27 03:24 . 2010-12-27 03:24 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
    2010-12-27 03:24 . 2010-12-27 03:24 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    2010-12-27 03:24 . 2010-12-27 03:24 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
    2010-12-27 03:24 . 2010-12-27 03:24 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
    2010-12-27 03:24 . 2010-12-27 03:24 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
    2010-12-21 00:09 . 2009-09-25 00:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2009-09-25 00:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2005-02-16 17:06 . 2006-11-24 20:39 218112 ----a-w- c:\program files\HijackThis.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
    "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    .
    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-14 27136]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-12-15 18:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    2005-06-01 23:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAgent]
    2006-09-19 22:50 856064 ----a-w- c:\program files\Parental Controls\PCTHelp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-03-08 04:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "NSCService"=3 (0x3)
    "ccISPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "navapsvc"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R1 MpKslb9601060;MpKslb9601060;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C3F09A0-DAD0-404B-881E-EE6F7C940DDC}\MpKslb9601060.sys [3/12/2011 7:44 PM 28752]
    R1 MpKsle81958d6;MpKsle81958d6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C3F09A0-DAD0-404B-881E-EE6F7C940DDC}\MpKsle81958d6.sys [3/13/2011 10:36 AM 28752]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [1/5/2011 5:31 AM 988216]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
    S1 MpKsl000711e5;MpKsl000711e5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C69331-0296-453E-A9B6-A7B54F8BE3D6}\MpKsl000711e5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C69331-0296-453E-A9B6-A7B54F8BE3D6}\MpKsl000711e5.sys [?]
    S1 MpKsl034dc51e;MpKsl034dc51e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2400397C-CFC8-4A08-BE3D-510739A44906}\MpKsl034dc51e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2400397C-CFC8-4A08-BE3D-510739A44906}\MpKsl034dc51e.sys [?]
    S1 MpKsl0e7df3f2;MpKsl0e7df3f2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CD11EDF-FAE0-4A8F-860C-65CB2FB4D96A}\MpKsl0e7df3f2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CD11EDF-FAE0-4A8F-860C-65CB2FB4D96A}\MpKsl0e7df3f2.sys [?]
    S1 MpKsl0e850547;MpKsl0e850547;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F368ADE-1F35-4291-9492-A3444DD3BDA6}\MpKsl0e850547.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F368ADE-1F35-4291-9492-A3444DD3BDA6}\MpKsl0e850547.sys [?]
    S1 MpKsl121130bc;MpKsl121130bc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{388E2CF9-763B-4CCD-9634-74676DC4ED99}\MpKsl121130bc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{388E2CF9-763B-4CCD-9634-74676DC4ED99}\MpKsl121130bc.sys [?]
    S1 MpKsl129f6610;MpKsl129f6610;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl129f6610.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl129f6610.sys [?]
    S1 MpKsl22624198;MpKsl22624198;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8D3EDCE-01D8-406E-90F6-0547E769C47A}\MpKsl22624198.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8D3EDCE-01D8-406E-90F6-0547E769C47A}\MpKsl22624198.sys [?]
    S1 MpKsl2875a02a;MpKsl2875a02a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CD11EDF-FAE0-4A8F-860C-65CB2FB4D96A}\MpKsl2875a02a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CD11EDF-FAE0-4A8F-860C-65CB2FB4D96A}\MpKsl2875a02a.sys [?]
    S1 MpKsl2bc422e5;MpKsl2bc422e5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8D3EDCE-01D8-406E-90F6-0547E769C47A}\MpKsl2bc422e5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8D3EDCE-01D8-406E-90F6-0547E769C47A}\MpKsl2bc422e5.sys [?]
    S1 MpKsl350d40ff;MpKsl350d40ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl350d40ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl350d40ff.sys [?]
    S1 MpKsl391e0b4a;MpKsl391e0b4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{388E2CF9-763B-4CCD-9634-74676DC4ED99}\MpKsl391e0b4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{388E2CF9-763B-4CCD-9634-74676DC4ED99}\MpKsl391e0b4a.sys [?]
    S1 MpKsl3d198c7c;MpKsl3d198c7c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl3d198c7c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl3d198c7c.sys [?]
    S1 MpKsl3d87fb7f;MpKsl3d87fb7f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl3d87fb7f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl3d87fb7f.sys [?]
    S1 MpKsl3eb71991;MpKsl3eb71991;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl3eb71991.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl3eb71991.sys [?]
    S1 MpKsl435d1dc3;MpKsl435d1dc3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C69331-0296-453E-A9B6-A7B54F8BE3D6}\MpKsl435d1dc3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C69331-0296-453E-A9B6-A7B54F8BE3D6}\MpKsl435d1dc3.sys [?]
    S1 MpKsl4419c27c;MpKsl4419c27c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl4419c27c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl4419c27c.sys [?]
    S1 MpKsl4b69c89e;MpKsl4b69c89e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKsl4b69c89e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKsl4b69c89e.sys [?]
    S1 MpKsl4f64f062;MpKsl4f64f062;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{724CDC9B-8316-4E40-A0CA-F7954E1E330C}\MpKsl4f64f062.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{724CDC9B-8316-4E40-A0CA-F7954E1E330C}\MpKsl4f64f062.sys [?]
    S1 MpKsl54b7aedb;MpKsl54b7aedb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E85FCB-6078-419D-962F-6FFA3AFD9D8F}\MpKsl54b7aedb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E85FCB-6078-419D-962F-6FFA3AFD9D8F}\MpKsl54b7aedb.sys [?]
    S1 MpKsl6c284207;MpKsl6c284207;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKsl6c284207.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKsl6c284207.sys [?]
    S1 MpKsl703d9a3c;MpKsl703d9a3c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E85FCB-6078-419D-962F-6FFA3AFD9D8F}\MpKsl703d9a3c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E85FCB-6078-419D-962F-6FFA3AFD9D8F}\MpKsl703d9a3c.sys [?]
    S1 MpKsl729ffc46;MpKsl729ffc46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKsl729ffc46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKsl729ffc46.sys [?]
    S1 MpKsl8a000349;MpKsl8a000349;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl8a000349.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKsl8a000349.sys [?]
    S1 MpKsl8d1c4c26;MpKsl8d1c4c26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8D3EDCE-01D8-406E-90F6-0547E769C47A}\MpKsl8d1c4c26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C8D3EDCE-01D8-406E-90F6-0547E769C47A}\MpKsl8d1c4c26.sys [?]
    S1 MpKsl9c1ca9c6;MpKsl9c1ca9c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl9c1ca9c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{681A3AED-9479-4D45-8E7A-FC625E3708B5}\MpKsl9c1ca9c6.sys [?]
    S1 MpKsla3a522d9;MpKsla3a522d9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKsla3a522d9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKsla3a522d9.sys [?]
    S1 MpKsla40d5cb3;MpKsla40d5cb3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C5B97C4-F35E-4235-962C-232EB9C0A7C4}\MpKsla40d5cb3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C5B97C4-F35E-4235-962C-232EB9C0A7C4}\MpKsla40d5cb3.sys [?]
    S1 MpKsla9ddb931;MpKsla9ddb931;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C69331-0296-453E-A9B6-A7B54F8BE3D6}\MpKsla9ddb931.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C0C69331-0296-453E-A9B6-A7B54F8BE3D6}\MpKsla9ddb931.sys [?]
    S1 MpKslae5f485f;MpKslae5f485f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKslae5f485f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKslae5f485f.sys [?]
    S1 MpKslbb425430;MpKslbb425430;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKslbb425430.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKslbb425430.sys [?]
    S1 MpKslc2d6ba4a;MpKslc2d6ba4a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKslc2d6ba4a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6DB7DBD6-6178-40EC-A26F-ECCD922F0DE5}\MpKslc2d6ba4a.sys [?]
    S1 MpKslc9c771a9;MpKslc9c771a9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C5B97C4-F35E-4235-962C-232EB9C0A7C4}\MpKslc9c771a9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5C5B97C4-F35E-4235-962C-232EB9C0A7C4}\MpKslc9c771a9.sys [?]
    S1 MpKslcbe1d16d;MpKslcbe1d16d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKslcbe1d16d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKslcbe1d16d.sys [?]
    S1 MpKslce6b3823;MpKslce6b3823;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKslce6b3823.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AE560DAB-F19C-4B03-BE7A-5DD8CFCB578D}\MpKslce6b3823.sys [?]
    S1 MpKslcea936fc;MpKslcea936fc;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{388E2CF9-763B-4CCD-9634-74676DC4ED99}\MpKslcea936fc.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{388E2CF9-763B-4CCD-9634-74676DC4ED99}\MpKslcea936fc.sys [?]
    S1 MpKsld75bf102;MpKsld75bf102;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72FCC21C-9582-4B2C-9C29-270F85AA444D}\MpKsld75bf102.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{72FCC21C-9582-4B2C-9C29-270F85AA444D}\MpKsld75bf102.sys [?]
    S1 MpKslde384813;MpKslde384813;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKslde384813.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F3A124C-4E9C-4746-9FF5-3CDACF0BADA4}\MpKslde384813.sys [?]
    S1 MpKslf28d8903;MpKslf28d8903;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CD11EDF-FAE0-4A8F-860C-65CB2FB4D96A}\MpKslf28d8903.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5CD11EDF-FAE0-4A8F-860C-65CB2FB4D96A}\MpKslf28d8903.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 4:00 PM 14336]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLE81958D6
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-09-29 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://comcast.net/
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\r1og734j.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-CTFMON - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-13 20:29
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(648)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2452)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2011-03-13 20:40:03
    ComboFix-quarantined-files.txt 2011-03-14 01:39
    .
    Pre-Run: 146,873,847,808 bytes free
    Post-Run: 146,870,095,872 bytes free
    .
    - - End Of File - - 094D411561E43A25CD975DDE6AE2D18E
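
    The ComboFix output above is what a helper reads by hand: the AV/FW header, the Windows Firewall policy key, the R/S service list (where a trailing [?] means ComboFix could not read the image file) and the BHO and scheduled-task entries. The following Python is an added example, not part of this thread and not ComboFix's own code; it parses exactly those line shapes and prints the posture findings a helper would want before choosing next steps. The log excerpt inside it is constructed from the line formats visible in the post, with shortened paths, so it runs offline; function and variable names are the example's own.

```python
"""Triage a ComboFix log for the first-look posture findings.

Added example, not part of the thread or of ComboFix.  SAMPLE_LOG is a
constructed excerpt that copies the line shapes ComboFix prints; the
paths are shortened.
"""
import re
from collections import Counter

SAMPLE_LOG = r"""
ComboFix 11-03-12.01 - HP_Administrator 03/13/2011 20:12:16.10.2 - x86
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 04:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R1 MpKslb9601060;MpKslb9601060;c:\docs\MpKslb9601060.sys [3/12/2011 7:44 PM 28752]
S1 MpKsl000711e5;MpKsl000711e5;\??\c:\docs\MpKsl000711e5.sys --> c:\docs\MpKsl000711e5.sys [?]
S1 MpKsl034dc51e;MpKsl034dc51e;\??\c:\docs\MpKsl034dc51e.sys --> c:\docs\MpKsl034dc51e.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 4:00 PM 14336]
.
2011-03-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 04:44]
"""

# "AV: <name> *<state>/<flags>* {<guid>}"
HEADER_RE = re.compile(r'^(AV|FW|SP): (.+?) \*([^*]+)\* \{[0-9A-F-]+\}$')
# "<R|S><start type> <service>;<display name>;<image path> [<date size>|?]"
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);(.*)$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
BHO_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-F-]+\})\]$', re.I)
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (c:\\windows\\Tasks\\.+\.job)$', re.I)


def _lines(text):
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def security_products(text):
    """Return {'AV': (name, state), 'FW': (name, state)} from the header."""
    found = {}
    for ln in _lines(text):
        m = HEADER_RE.match(ln)
        if m:
            kind, name, flags = m.groups()
            # "*Disabled/Updated*": the first token is the on/off state,
            # anything after the slash describes signature freshness.
            found[kind] = (name, flags.split('/')[0])
    return found


def windows_firewall_enabled(text):
    """None if the standard-profile key is not in the log, else True/False."""
    for ln in _lines(text):
        m = FIREWALL_RE.match(ln)
        if m:
            return m.group(1) != '0'
    return None


def services(text):
    out = []
    for ln in _lines(text):
        m = SERVICE_RE.match(ln)
        if m:
            kind, start, name, _display, rest = m.groups()
            out.append({'name': name, 'running': kind == 'R',
                        'start': int(start), 'image_missing': rest.endswith('[?]')})
    return out


def orphaned_drivers(text):
    """Service entries whose image file ComboFix could not read ([?])."""
    return [s['name'] for s in services(text) if s['image_missing']]


def browser_helper_objects(text):
    lines = _lines(text)
    out = []
    for i, ln in enumerate(lines):
        m = BHO_RE.match(ln)
        if m and i + 1 < len(lines):
            # ComboFix prints "<date> <time> <size> <attrs> <dll>" on the next line.
            out.append((m.group(1), lines[i + 1].split(' ', 4)[-1]))
    return out


def scheduled_tasks(text):
    lines = _lines(text)
    out = []
    for i, ln in enumerate(lines):
        m = TASK_RE.match(ln)
        if m and i + 1 < len(lines) and lines[i + 1].startswith('- '):
            out.append((m.group(1), lines[i + 1][2:].rsplit(' [', 1)[0]))
    return out


def triage(text):
    """Human-readable findings, one per line."""
    findings = []
    for kind, (name, state) in sorted(security_products(text).items()):
        if state.lower() == 'disabled':
            findings.append(f'{kind} {name} reports Disabled')
    if windows_firewall_enabled(text) is False:
        findings.append('Windows Firewall standard profile is off (EnableFirewall=0)')
    # Group orphans by name with the 8-hex-digit suffix stripped (MpKsl<hex>).
    for prefix, n in Counter(re.sub(r'[0-9a-f]{8}$', '', s)
                             for s in orphaned_drivers(text)).items():
        findings.append(f'{n} service entries named {prefix}* point at unreadable image files')
    for clsid, dll in browser_helper_objects(text):
        findings.append(f'BHO {clsid} loads {dll}')
    for job, exe in scheduled_tasks(text):
        findings.append(f'Scheduled task {job} runs {exe}')
    return findings


if __name__ == '__main__':
    for line in triage(SAMPLE_LOG):
        print(line)
```

    Run against the full log above it would count every S1 MpKsl* entry with a trailing [?], which is a much more useful number than eyeballing forty near-identical lines, and it separates "the product says it is disabled" (header) from "the OS firewall policy is off" (registry), which the helper's next post treats as two different steps.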

  10. #10
    Malware Team-Emeritus
    Join Date
    May 2010
    Posts
    212

    Default

    Assuming you still have the problems you described in your first post, my next suggestion is for you to uninstall the firewall (ZoneAlarm).


    Uninstall ZoneAlarm

    • Click on Start > Run.
    • In the open text box copy/paste appwiz.cpl Then click Ok.
    • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall ZoneAlarm


    The uninstaller should ask for the computer to be rebooted, please do so.


    Reset SP2 Firewall:

    Click on Start >> Run... then cut/paste in the following and click on OK
    Code:
    firewall.cpl
    Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

    Now click on the General tab >> select On (recommended) >> OK.


    If you still have problems after uninstalling ZoneAlarm, continue with Spybot S&D and the antivirus software. Download another antivirus first; please use the suggested Avira Personal FREE Antivirus


    Download Avira

    Please download Avira Personal FREE Antivirus, but do not install it yet.


    Uninstall misc

    • Click on Start > Run.
    • In the open text box copy/paste appwiz.cpl Then click Ok.
    • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall Spybot - Search and Destroy and Microsoft Security Essentials



    Reboot/restart the computer

    Make sure the computer is rebooted after uninstalling the programs in the previous step.


    Install Avira

    Please install Avira and perform an update of the definitions.


    random's system information tool (RSIT)

    • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt (<<will be maximized)
      • info.txt (<<will be minimized)
        You can also find the logs here: C:\rsit
    • Post both of these logs in your next reply (sometimes you have to make several posts to get the logs posted).



    Please post:
    -The RSIT logs.
    -Update me on the performance of the computer.
