
Thread: Security Tool hijack?

  1. #11
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    1. Download ComboFix and save it to the Desktop.
    2. Run it and follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    If you have problems with ComboFix usage, see here.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  2. #12
    Member
    Join Date
    Jun 2007
    Posts
    65

    ComboFix 09-12-16.05 - HP_Administrator 12/17/2009 13:21:25.1.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.536 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\combofix.exe
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
    c:\program files\AskSearch\bin\DefaultSearch.dll
    c:\program files\Common
    c:\recycler\S-1-5-21-527237240-179605362-725345543-500
    c:\temp\0c2
    c:\temp\0c2\tmpFF.log
    c:\temp\brr
    c:\temp\brr\tmpZTF.log
    c:\windows\Fonts\RandFont.dll
    c:\windows\kb913800.exe
    c:\windows\system32\beuyfrbf.ini
    c:\windows\system32\L1
    c:\windows\system32\L11
    c:\windows\system32\L3
    c:\windows\system32\L5
    c:\windows\system32\L7
    c:\windows\system32\L9
    c:\windows\system32\ps2.bat
    c:\windows\system32\qtvwa.bak1
    c:\windows\system32\qtvwa.bak2
    c:\windows\system32\qtvwa.ini
    c:\windows\system32\tmdflvlc.ini
    c:\windows\system32\win
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MYWEBSEARCHSERVICE


    ((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
    .

    2009-12-16 05:56 . 2009-12-16 05:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2009-12-14 13:14 . 2009-12-14 13:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2009-12-12 14:28 . 2009-12-12 14:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
    2009-12-12 14:28 . 2009-12-12 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\5600-6600 Series
    2009-12-12 03:05 . 2009-12-12 03:05 -------- d-----w- c:\program files\SpywareBlaster
    2009-12-09 13:21 . 2009-12-09 17:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-12-09 04:10 . 2009-12-09 04:10 -------- d-----w- c:\program files\ERUNT
    2009-12-09 01:03 . 2009-12-09 01:03 -------- d-----w- c:\documents and settings\Hannah Banana\Application Data\5600-6600 Series
    2009-11-28 16:01 . 2009-11-28 16:01 -------- d-----w- c:\program files\Troll
    2009-11-24 22:26 . 2009-11-24 22:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Lexmark Productivity Studio

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-17 19:00 . 2009-04-22 00:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-16 19:26 . 2009-05-04 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-14 17:02 . 2009-04-22 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2009-12-14 13:19 . 2006-03-06 17:26 -------- d-----w- c:\program files\Google
    2009-12-14 01:11 . 2009-12-14 01:11 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-12-09 13:22 . 2009-02-22 01:51 46708 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-09 01:04 . 2009-11-10 02:38 62552 ----a-w- c:\documents and settings\Hannah Banana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-12-03 22:14 . 2009-05-04 00:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 22:13 . 2009-05-04 00:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-30 04:08 . 2006-03-06 16:57 62552 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-28 02:13 . 2009-08-28 02:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HpUpdate
    2009-11-15 00:13 . 2009-11-15 00:13 -------- d-----w- c:\program files\ArcaMania
    2009-11-13 04:26 . 2009-11-13 04:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\5600-6600 Series
    2009-11-13 04:26 . 2009-11-13 04:20 -------- d-----w- c:\program files\Lexmark 5600-6600 Series
    2009-11-13 04:22 . 2009-11-13 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\5600-6600 Series
    2009-11-13 04:22 . 2009-11-13 04:22 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
    2009-11-13 04:21 . 2009-11-13 04:21 -------- d-----w- c:\program files\Lexmark Toolbar
    2009-11-13 04:21 . 2009-11-13 04:21 -------- d-----w- c:\program files\Lexmark Printable Web
    2009-11-11 23:57 . 2009-11-11 23:57 -------- d-----w- c:\documents and settings\Hannah Banana\Application Data\acccore
    2009-11-11 12:51 . 2009-11-11 12:51 3262 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{17A869F2-4ABC-446D-B497-F08A7450A923}\PVUE.exe
    2009-11-11 12:51 . 2009-11-11 12:51 -------- d-----w- c:\program files\Common Files\LEADTools
    2009-11-11 12:51 . 2009-11-11 12:51 -------- d-----w- c:\program files\Pearson VUE
    2009-11-04 06:22 . 2009-04-06 00:21 -------- d-----w- c:\program files\iTunes
    2009-11-04 06:18 . 2009-11-04 06:18 -------- d-----w- c:\program files\iPod
    2009-11-04 06:18 . 2009-02-22 01:40 -------- d-----w- c:\program files\Common Files\Apple
    2009-11-04 06:06 . 2009-11-04 06:06 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-11-04 01:24 . 2009-11-04 01:24 -------- d-----w- c:\program files\Common Files\INCA Shared
    2009-10-31 13:24 . 2009-10-31 13:24 -------- d-----w- c:\program files\Realore
    2009-10-29 07:45 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-28 03:20 . 2008-04-25 01:49 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-10-28 03:20 . 2008-04-25 01:49 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-10-28 03:20 . 2009-10-28 03:20 88 --sh--r- c:\documents and settings\All Users\Application Data\7C3A6E5A36.sys
    2009-10-28 03:20 . 2009-10-28 03:20 88 --sh--r- c:\documents and settings\All Users\Application Data\7C3A6E5A36.sys
    2009-10-21 05:38 . 2004-08-09 21:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38 . 2004-08-09 21:00 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-20 16:20 . 2004-08-09 21:00 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-20 04:33 . 2009-02-22 01:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
    2009-10-17 03:36 . 2009-10-14 00:14 164569 --sha-w- c:\windows\system32\2loops_niw.dat
    2009-10-13 10:30 . 2004-08-09 21:00 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2004-08-09 21:00 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38 . 2004-08-09 21:00 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-07-11 00:20 . 2009-07-11 00:20 774144 ----a-w- c:\program files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 180269]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2008-03-21 83232]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-21 36864]
    "lxamsp32.exe"="lxamsp32.exe" [2001-10-22 45056]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
    "H3DCTL"="c:\windows\system32\X3DCTL.exe" [2002-09-13 290816]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
    "DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-11 61440]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2005-11-11 1064960]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-09-10 676520]
    "lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-09-10 16040]
    "Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-09-10 311976]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\lxducoms.exe"=

    R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
    R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [11/12/2009 10:24 PM 98984]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 7:47 AM 24652]
    S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [4/5/2009 4:47 PM 4736]
    S3 MRVW225;Marvell Libertas 802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [10/29/2008 2:21 PM 299904]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [4/5/2009 4:47 PM 8960]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    sbizgguz
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.rr.com/
    uInternet Connection Wizard,ShellNext = hxxp://service1.symantec.com/support/tsgeninfo.nsf/docid/2005071512012139
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Search - ?p=GRman000
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
    Trusted Zone: moove.com
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxps://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    HKCU-Run-Aim6 - (no file)
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    HKLM-Run-PCDrProfiler - (no file)
    HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
    Notify-win_spool2 - win_spool2.dll
    MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
    AddRemove-Lexmark X73 - c:\program files\LexmarkX73\removeX73.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-17 13:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3444)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\arservice.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\lxducoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\lxamsp32.exe
    c:\windows\ARPWRMSG.EXE
    c:\windows\system32\msiexec.exe
    c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
    c:\program files\LexmarkX63\ACMonitor_X63.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Updates from HP\9972322\Program\Updates from HP.exe
    c:\program files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe
    c:\program files\DISC\DiscStreamHub.exe
    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2009-12-17 13:47:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-17 19:47

    Pre-Run: 189,708,705,792 bytes free
    Post-Run: 190,615,588,864 bytes free

    - - End Of File - - CC3D757CB36DA4CA8094721A3A8ADAA2
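
The log above is raw data, and the parts a helper reads first are the "Reg Loading Points" and "Supplementary Scan" sections. The script below is an added example (it is not ComboFix's own output or anything the forum ships) that pulls those items out of a ComboFix log: the svchost NetSvcs names ComboFix lists (its note says default entries are omitted, so each listed name should be resolved to its ServiceDll), Run values that start a bare filename rather than a full path, firewall state lines, Trusted Zone hosts, and removed Winlogon Notify orphans. The embedded excerpt is constructed by copying a handful of lines from the posted log so the script runs offline; the `Finding` class, the category names and the "review"/"info" labels are the example's own, and nothing here decides that an entry is malicious.

```python
"""Triage helpers for a ComboFix log (added example; not ComboFix or forum code)."""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the log posted above, embedded so the
# script runs offline. Read C:\ComboFix.txt instead to triage a real run.
SAMPLE_LOG = r"""
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-06 180269]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"lxamsp32.exe"="lxamsp32.exe" [2001-10-22 45056]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sbizgguz
.
Trusted Zone: moove.com
.
- - - - ORPHANS REMOVED - - - -

Notify-win_spool2 - win_spool2.dll
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
"""

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[[^\]]*\]$')


@dataclass
class Finding:
    severity: str   # "review" or "info": labels chosen for this example
    category: str
    detail: str


def parse_run_entries(text):
    """(registry key, value name, command) for every value under a ...\\Run key."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group("key")
        elif current and current.lower().endswith("\\run"):
            v = RUN_VALUE.match(line)
            if v:
                entries.append((current, v.group("name"), v.group("cmd")))
    return entries


def unqualified_run_entries(text):
    """Run values with no directory in the command: Windows resolves these through
    the search path, so confirm which file is actually started."""
    return [(n, c) for _, n, c in parse_run_entries(text) if "\\" not in c and ":" not in c]


def netsvcs_entries(text):
    """Names listed under the svchost NetSvcs value. ComboFix omits the default
    ones, so resolve each to HKLM\\...\\Services\\<name>\\Parameters\\ServiceDll."""
    lines = [ln.strip() for ln in text.splitlines()]
    names = []
    for i, line in enumerate(lines):
        if line.endswith("Svchost - NetSvcs"):
            for nxt in lines[i + 1:]:
                if not nxt or nxt == ".":
                    break
                names.append(nxt)
            break
    return names


def firewall_findings(text):
    out = []
    for s in map(str.strip, text.splitlines()):
        if s.startswith("FW:") and "*disabled*" in s:
            out.append(Finding("review", "firewall", s))
        elif re.match(r'^"EnableFirewall"=\s*0\b', s):
            out.append(Finding("review", "firewall", "Windows Firewall standard profile off: " + s))
    return out


def trusted_zone_entries(text):
    return [s.split(":", 1)[1].strip() for s in map(str.strip, text.splitlines())
            if s.startswith("Trusted Zone:")]


def winlogon_notify_orphans(text):
    """'Notify-<name> - <dll>' lines from ORPHANS REMOVED: Winlogon Notify packages
    (DLLs loaded into winlogon.exe at logon) whose file ComboFix did not find."""
    return [s for s in map(str.strip, text.splitlines()) if s.startswith("Notify-")]


def triage(text):
    findings = firewall_findings(text)
    findings += [Finding("review", "netsvcs", f"non-default NetSvcs entry '{n}'") for n in netsvcs_entries(text)]
    findings += [Finding("review", "run-key", f"'{n}' starts '{c}' without a full path") for n, c in unqualified_run_entries(text)]
    findings += [Finding("review", "ie-zones", f"'{h}' is in the IE Trusted Sites zone") for h in trusted_zone_entries(text)]
    findings += [Finding("info", "winlogon-notify", "removed orphan: " + s) for s in winlogon_notify_orphans(text)]
    return findings


if __name__ == "__main__":
    for fd in triage(SAMPLE_LOG):
        print(f"[{fd.severity}] {fd.category}: {fd.detail}")
```

Run as-is it prints the findings for the embedded excerpt; to triage a fresh log, replace `SAMPLE_LOG` with the contents of C:\ComboFix.txt. The script only surfaces what to look at next; the NetSvcs name, for instance, still has to be resolved in the registry to the DLL it loads before anyone decides what it is.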

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please post a fresh OTL.txt log taken in normal mode.

  4. #14
    Member
    Join Date
    Jun 2007
    Posts
    65

    OTL logfile created on: 12/18/2009 8:32:26 AM - Run 2
    OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1015.30 Mb Total Physical Memory | 499.06 Mb Available Physical Memory | 49.15% Memory free
    2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.36% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 224.44 Gb Total Space | 178.01 Gb Free Space | 79.31% Space Free | Partition Type: NTFS
    Drive D: | 8.43 Gb Total Space | 0.42 Gb Free Space | 5.01% Space Free | Partition Type: FAT32
    Drive E: | 242.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TERRISTAIR
    Current User Name: HP_Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009/12/16 22:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
    PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/09/10 05:11:12 | 00,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
    PRC - [2008/09/10 05:11:09 | 00,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
    PRC - [2008/05/23 06:58:34 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
    PRC - [2008/05/23 06:58:22 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxduserv.exe
    PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
    PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/10 19:51:56 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    PRC - [2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    PRC - [2007/01/04 15:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    PRC - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2006/04/10 11:25:24 | 00,913,408 | ---- | M] () -- C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe
    PRC - [2006/03/06 11:17:09 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    PRC - [2005/12/18 20:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PRC - [2005/11/11 15:11:12 | 00,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
    PRC - [2005/11/11 15:11:04 | 01,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
    PRC - [2005/11/11 15:10:00 | 00,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
    PRC - [2005/11/11 15:10:00 | 00,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
    PRC - [2005/11/03 09:26:30 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
    PRC - [2005/11/03 09:22:36 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
    PRC - [2005/11/03 09:22:28 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
    PRC - [2005/10/11 07:33:20 | 02,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
    PRC - [2005/09/21 04:24:02 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2005/08/26 20:14:44 | 00,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
    PRC - [2005/08/26 20:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    PRC - [2005/08/11 14:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2005/08/02 18:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
    PRC - [2005/08/02 18:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
    PRC - [2005/05/03 12:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
    PRC - [2005/02/02 15:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
    PRC - [2002/09/13 02:56:28 | 00,290,816 | ---- | M] (X3D Technologies Corp.) -- C:\WINDOWS\system32\X3DCTL.exe
    PRC - [2001/10/21 18:12:28 | 00,045,056 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\LXAMSP32.EXE
    PRC - [2001/10/21 15:58:52 | 00,301,568 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
    PRC - [2001/10/21 15:56:28 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
    PRC - [2001/10/21 15:54:58 | 00,036,864 | ---- | M] (Lexmark) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe
    PRC - [2001/07/17 15:00:24 | 00,040,960 | ---- | M] () -- C:\Program Files\LexmarkX63\ACMonitor_X63.exe
    PRC - [1998/05/07 03:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2009/12/16 22:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2006/03/06 11:17:08 | 00,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\temp\IadHide5.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/06/01 18:06:00 | 02,805,084 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/05/23 06:58:34 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
    SRV - [2008/05/23 06:58:22 | 00,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
    SRV - [2008/05/05 16:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2007/08/09 01:27:52 | 00,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE -- (Pml Driver HPZ12)
    SRV - [2007/07/24 10:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/04 15:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/05/15 17:24:33 | 02,086,592 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
    SRV - [2006/05/15 17:24:33 | 00,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2005/12/18 20:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
    SRV - [2005/08/02 18:19:16 | 00,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2001/10/21 15:58:52 | 00,301,568 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
    DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/06/10 02:00:00 | 00,324,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2005/12/21 16:44:28 | 00,299,904 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
    DRV - [2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/11/03 09:50:58 | 01,353,820 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
    DRV - [2005/10/20 10:01:56 | 01,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/18 07:15:42 | 04,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005/08/03 14:59:38 | 00,008,960 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
    DRV - [2005/08/03 14:59:36 | 00,004,736 | R--- | M] (Laplink Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\llusbflt.sys -- (LLUSBFLT)
    DRV - [2005/06/17 00:33:40 | 00,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/03/08 07:52:28 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
    DRV - [2005/03/08 07:52:26 | 00,051,120 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
    DRV - [2005/03/08 07:52:26 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
    DRV - [2005/01/07 19:07:16 | 00,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
    DRV - [2004/10/14 10:30:46 | 00,155,648 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
    DRV - [2004/08/09 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
    DRV - [2004/08/03 08:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/01/10 14:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/04/05 18:08:56 | 00,000,000 | ---D | M]

    [2009/05/09 10:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2009/05/09 10:59:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com

    O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - No CLSID value found.
    O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
    O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
    O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [H3DCTL] C:\WINDOWS\system32\X3DCTL.exe (X3D Technologies Corp.)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
    O4 - HKLM..\Run: [lxamsp32.exe] C:\WINDOWS\System32\LXAMSP32.EXE (Lexmark International)
    O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
    O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
    O4 - HKLM..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe (Lexmark)
    O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\4.0; File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB utility V1.02.exe.lnk = C:\Program Files\Customer\Wireless USB utility V1.02\Wireless USB utility V1.02.exe ()
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk = C:\Documents and Settings\HP_Administrator\Application Data\IMVUClient\IMVUClient.exe File not found
    O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Music Monitor.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKCU\..Trusted Domains: moove.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: 66 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab (PeoplePC Web Installer)
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx (Reg Error: Key error.)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_05)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/28 14:39:55 | 00,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/17 13:29:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2009/12/17 13:20:47 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2009/12/17 13:20:47 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2009/12/17 13:20:47 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2009/12/17 13:20:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2009/12/17 13:20:43 | 00,000,000 | ---D | C] -- C:\combofix
    [2009/12/17 12:45:56 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/16 22:58:29 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2009/12/11 21:05:28 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
    [2009/12/08 22:10:11 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2009/12/08 22:08:23 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
    [2009/12/08 21:55:19 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThisInstaller.exe
    [2009/11/28 10:01:04 | 00,000,000 | ---D | C] -- C:\Program Files\Troll
    [2009/11/24 16:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Lexmark Productivity Studio
    [2009/11/18 20:38:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\gym hw
    [2009/11/12 22:21:07 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll
    [2009/11/12 22:21:07 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll
    [2009/11/12 22:21:07 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll
    [2009/11/12 22:21:07 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll
    [2009/11/12 22:21:06 | 01,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll
    [2009/11/12 22:21:06 | 00,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll
    [2009/11/12 22:21:06 | 00,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll
    [2009/11/12 22:21:05 | 00,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll
    [2009/11/12 22:21:05 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll
    [2009/11/12 22:21:04 | 00,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll
    [2009/07/10 18:20:59 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
    [2009/04/27 15:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/04/14 21:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/04/06 18:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2009/04/06 18:51:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
    [2009/04/05 19:56:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2006/08/24 07:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL
    [2006/08/08 18:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2006/06/04 12:23:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2006/03/06 10:10:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2006/03/06 10:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2009/12/18 08:31:07 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2009/12/18 08:29:26 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/12/18 08:29:22 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2009/12/18 08:28:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/18 08:28:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/18 08:28:28 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/18 08:25:53 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
    [2009/12/18 08:25:53 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
    [2009/12/18 08:14:26 | 00,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4817EE3-45D9-44B8-96FC-4B128AAB7D45}.job
    [2009/12/17 13:41:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2009/12/17 13:41:04 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/12/17 13:20:04 | 03,854,383 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\combofix.exe
    [2009/12/16 22:58:29 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2009/12/16 13:26:01 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/13 19:03:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2009/12/12 13:24:21 | 00,013,346 | ---- | M] () -- C:\WINDOWS\WININIT.INI
    [2009/12/11 23:27:53 | 02,562,024 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
    [2009/12/11 21:05:29 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
    [2009/12/09 22:54:07 | 00,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2009/12/09 11:51:19 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/09 07:22:56 | 00,046,708 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/12/09 07:22:37 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2009/12/08 22:10:11 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
    [2009/12/08 22:08:25 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
    [2009/12/08 21:55:37 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
    [2009/12/08 21:55:20 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThisInstaller.exe
    [2009/12/08 21:43:30 | 00,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/12/08 21:43:30 | 00,445,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/12/08 21:43:30 | 00,072,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/12/08 21:40:19 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\V CAST Music Monitor.lnk
    [2009/12/08 21:34:14 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/12/08 19:12:11 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2009/12/08 19:12:04 | 00,221,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/01 22:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/11/28 10:01:10 | 00,000,649 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Troll.lnk
    [2009/11/21 17:48:07 | 00,355,932 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091212-132602.backup
    [2009/11/19 19:40:16 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2100/02/23 17:55:50 | 00,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
    [2009/12/17 13:20:47 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/12/17 13:20:47 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/12/17 13:20:47 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/12/17 13:20:47 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2009/12/17 13:20:47 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/12/17 13:20:04 | 03,854,383 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\combofix.exe
    [2009/12/13 20:31:11 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
    [2009/12/11 21:05:29 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpywareBlaster.lnk
    [2009/12/09 07:21:19 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/12/08 22:10:11 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
    [2009/12/08 21:55:37 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
    [2009/11/28 10:01:10 | 00,000,649 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Troll.lnk
    [2009/11/12 22:24:30 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll
    [2009/11/12 22:24:28 | 00,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxducoin.dll
    [2009/11/12 22:23:46 | 01,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll
    [2009/11/12 22:23:46 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll
    [2009/11/12 22:23:46 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll
    [2009/11/12 22:23:24 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDUPMON.DLL
    [2009/11/12 22:23:24 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDUFXPU.DLL
    [2009/11/12 22:23:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxduoem.dll
    [2009/11/12 22:21:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini
    [2009/11/12 22:21:07 | 00,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll
    [2009/11/12 22:21:05 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll
    [2009/10/27 21:20:11 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\7C3A6E5A36.sys
    [2009/06/23 15:46:41 | 00,091,072 | ---- | C] () -- C:\WINDOWS\System32\RoseCo2.dll
    [2009/05/07 14:15:06 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\mcs.rma
    [2009/05/07 14:15:06 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\544CEE
    [2009/05/02 09:24:54 | 00,002,358 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\D58BBF07-BDA8-41EF-8187-0CE741673380.txt
    [2009/05/01 20:17:48 | 00,003,194 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\D58BBF07-BDA8-41EF-8187-0CE741673380.txt
    [2009/04/15 19:41:50 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/12/28 21:04:23 | 00,000,141 | ---- | C] () -- C:\WINDOWS\System32\09wutili.sys
    [2008/10/29 14:20:14 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/10/18 12:14:40 | 00,382,828 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    [2008/10/18 12:14:40 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2008/10/18 12:14:32 | 00,002,232 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log
    [2008/10/18 12:14:32 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2008/10/18 11:06:52 | 00,048,676 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
    [2008/10/18 11:06:52 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2008/05/22 12:12:26 | 00,000,342 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2008/05/15 14:19:28 | 00,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2008/05/15 14:19:28 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2008/05/15 14:19:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2008/05/15 14:19:27 | 03,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2008/05/15 14:19:23 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
    [2008/04/24 19:49:12 | 00,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2008/04/24 19:49:12 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\881589C1A3.sys
    [2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2007/10/31 15:30:47 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
    [2007/07/28 11:59:37 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/05/28 16:00:04 | 00,443,368 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
    [2006/10/18 11:41:39 | 00,000,305 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/07/22 07:48:04 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/06/19 18:43:44 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/06/01 19:39:57 | 00,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/03/06 11:46:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/03/06 11:21:35 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/03/06 11:16:20 | 00,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/03/06 11:16:13 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/03/06 11:13:49 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
    [2006/03/06 11:10:53 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/03/06 11:00:31 | 00,013,346 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/03/06 10:59:07 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/03/06 10:43:03 | 00,008,071 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/03/06 10:41:57 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/03/06 10:38:00 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/03/06 10:14:28 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/03/06 10:14:28 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/03/06 10:14:08 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2005/12/09 08:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 18:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2004/07/26 01:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 17:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2001/05/13 16:18:34 | 00,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
    [2000/10/24 08:08:36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2000/10/24 08:08:33 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1997/10/24 13:56:36 | 00,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D994162E
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3790BACD
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B823FE
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >

  5. #15
    Member (joined Jun 2007, 65 posts)

    I had Avast installed but recently deleted it because it's not compatible with IE 8, despite an hour of phone support to try to fix the issues. Please advise which programs I should delete after this is resolved, since there are quite a few malware things on now, including Spybot. If none of these work as an antivirus, is there another free program you recommend, or would Kaspersky be a good option at $20 for 3 computers?
    Thank you so much for your help. Not sure if the applications accessed through Facebook are the root of the problem, or if dd is clicking on other pop-ups thinking they are legit.

  6. #16
    Blade81, Security Expert: Emeritus (Finland; joined Oct 2006, 25,288 posts)

    Hi again,

    If none of these work as an antivirus, is there another free program you recommend, or would Kaspersky be a good option at $20 for 3 computers?
    Kaspersky is a good option.

    Good free antivirus programs are:
    Antivir
    Avast!

    A good commercial vendor alongside Kaspersky is ESET.

    ------------------------------


    Is D: drive your recovery partition?



    Uninstall old Adobe Reader versions and get the latest one (9.2) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.

    Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 17.
    • Click the Download button to the right.
    • Select Windows in the platform combobox and check the box that says Accept License Agreement. Click Continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report. How's the system running now?

  7. #17
    Member
    Join Date
    Jun 2007
    Posts
    65

    Default

    The system was running well until I downloaded the trial version of net nanny, which I'd planned on buying. Now the browser locks up the same as it did with Avast installed.

    I've tried multiple times to download Adobe Reader, both the 9.2 version and the 10.? version. I get a window stating some error with both every time. If I click to allow it to be debugged it works a bit and then fails and shuts down the window entirely and asks if I want to send an error report.

  8. #18
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    I've tried multiple times to download Adobe Reader, both the 9.2 version and the 10.? version. I get a window stating some error with both every time. If I click to allow it to be debugged it works a bit and then fails and shuts down the window entirely and asks if I want to send an error report.
    What link did you use?

    Please skip over the Adobe Reader part for now.

  9. #19
    Member
    Join Date
    Jun 2007
    Posts
    65

    Default Kaspersky report

    I don't know what the D drive is for; I never touch it.

    Monday, December 21, 2009
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, December 21, 2009 04:06:13
    Records in database: 3394302


    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics
    Objects scanned 157411
    Threats found 1
    Infected objects found 1
    Suspicious objects found 0
    Scan duration 04:53:03

    File name Threat Threats count
    C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\hannah banana\yoville.exe Infected: Trojan-Spy.Win32.SCKeyLog.au 1

    Selected area has been scanned.

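The Kaspersky Online Scanner report above is plain text with a fixed layout (header, scan settings, scan area, statistics, then one line per detection). When such reports are pasted into a thread, it helps to pull out the detections and check that the summary counts agree with the listed objects before acting on them. The parser below is an added example written for this page, not a tool from Kaspersky or from the forum; the sample report it parses is constructed from the report posted above (same statistics, same single detection, drive list shortened), and the section header strings it keys on are taken from that posted report.

```python
"""Parse a Kaspersky Online Scanner 7 text report into structured data.

Added example for this thread; not part of the Kaspersky scanner or the forum.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the layout of the report posted in the thread, with its
# statistics and the single detection it lists (drive list shortened).
SAMPLE_REPORT = """\
Monday, December 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 21, 2009 04:06:13
Records in database: 3394302

Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\\
D:\\
E:\\

Scan statistics
Objects scanned 157411
Threats found 1
Infected objects found 1
Suspicious objects found 0
Scan duration 04:53:03

File name Threat Threats count
C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Pictures\\hannah banana\\yoville.exe Infected: Trojan-Spy.Win32.SCKeyLog.au 1

Selected area has been scanned.
"""

# A detection line is "<path with spaces> <verdict>: <threat name> <count>".
# The path is matched non-greedily so the first " Infected: " ends it.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+) (?P<count>\d+)$"
)
# Statistics lines are "<label words> <integer>".
STAT_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*?) (?P<value>\d+)$")


@dataclass
class Detection:
    path: str
    verdict: str   # "Infected" or "Suspicious"
    threat: str
    count: int


@dataclass
class ScanReport:
    scanner_version: str = ""
    database_records: int = 0
    scan_area: list = field(default_factory=list)
    stats: dict = field(default_factory=dict)
    duration: str = ""
    detections: list = field(default_factory=list)


def parse_report(text: str) -> ScanReport:
    """Walk the report line by line, tracking which section we are in."""
    report = ScanReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Kaspersky Online Scanner version:"):
            report.scanner_version = line.split(":", 1)[1].strip()
        elif line.startswith("Records in database:"):
            report.database_records = int(line.split(":", 1)[1].strip())
        elif line == "Scan settings":
            section = "settings"
        elif line.startswith("Scan area"):
            section = "area"
        elif line == "Scan statistics":
            section = "stats"
        elif line.startswith("File name"):
            section = "detections"
        elif line == "Selected area has been scanned.":
            section = None
        elif section == "area":
            report.scan_area.append(line)
        elif section == "stats":
            if line.startswith("Scan duration "):
                report.duration = line.split(" ", 2)[2]
            else:
                m = STAT_RE.match(line)
                if m:
                    report.stats[m["key"]] = int(m["value"])
        elif section == "detections":
            m = DETECTION_RE.match(line)
            if m:
                report.detections.append(
                    Detection(m["path"], m["verdict"], m["threat"], int(m["count"]))
                )
    return report


def consistency_issues(report: ScanReport) -> list:
    """Compare the summary counters with the per-object lines; empty list means they agree."""
    issues = []
    infected = sum(d.count for d in report.detections if d.verdict == "Infected")
    suspicious = sum(d.count for d in report.detections if d.verdict == "Suspicious")
    if report.stats.get("Infected objects found") != infected:
        issues.append(f"infected summary {report.stats.get('Infected objects found')} != listed {infected}")
    if report.stats.get("Suspicious objects found") != suspicious:
        issues.append(f"suspicious summary {report.stats.get('Suspicious objects found')} != listed {suspicious}")
    return issues


def infected_paths(report: ScanReport) -> list:
    """Paths flagged as Infected, i.e. the objects a helper would ask to be removed or quarantined."""
    return [d.path for d in report.detections if d.verdict == "Infected"]


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print("scanner", rep.scanner_version, "records", rep.database_records)
    for d in rep.detections:
        print(d.verdict, d.threat, "->", d.path)
    print("issues:", consistency_issues(rep) or "none")
```

The section tracking matters because the "Scan area" and detection lines both contain paths; only lines seen after the "File name Threat Threats count" header are treated as detections, so a drive letter in the scan area is never mistaken for a finding. On the posted report the counters and the detection list agree (one infected object, zero suspicious), and the only path returned by infected_paths is the yoville.exe file the helper asks to be deleted in the next post.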
  10. #20
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Delete the file C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\hannah banana\yoville.exe.

    Post back the contents of the following file:
    c:\qoobox\quarantine\D\Autorun.inf.vir

    Try to download Adobe Reader from this link. Then see if you're able to install it. Note down any error.
