JarMD80

Members
  • Content Count

    10
  • Joined

  • Last visited

Community Reputation

0 Neutral

About JarMD80

  • Rank
    Member
  1. Ah I see, its related to Studio 10, which I also have installed, I just ran a standalone installer to kick it up to the latest version and that appears to have fixed the deal with the other installer running in front of my FS stuff, strange how those were linked together. Thanks for all the help Blade81! Jared
  2. Its running alright, but after running ComboFix and after it removed those files that was in the code, when initially running, in specific Flight Simulator, my flight planning utility, FSBuild, and another FS utility FS Real Time, the computer wants to install a "SmartSound Quicktracks Plugin" which I have no idea what it is, after I cancel the installer 3 or more times the program/s run with no problem, what is it or how do I stop the installer from running? Jared
  3. That did it. DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 13:02:11.46 on Tue 03/16/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2325 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\Trillian\trillian.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Documents and Settings\HP_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: {00000000-0000-0000-0000-000000000000} - No File TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\trilli~1.lnk - c:\program files\trillian\trillian.exe IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 Trusted Zone: turbotax.com DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfoforum.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\ichlw2ku.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.flightaware.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: content.notify.backoffcount - 5 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.cache.memory.capacity - 65536c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2007-10-22 81356] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-28 47640] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-31 236368] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-7 632792] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2007-10-22 39182] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2007-10-22 9804] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-31 19160] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-8-24 194304] R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [2005-8-28 44032] R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2007-12-22 179968] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992] S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-10-1 14424] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-3-13 27064] S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2007-8-25 6085] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-7 1247600] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-7 24652] =============== Created Last 30 ================ 2010-03-16 06:55:02 80079 ----a-w- C:\MD-11 Oceanic.JPG 2010-03-16 04:35:32 272359 ----a-w- C:\Water over Atlantic.jpg 2010-03-16 02:53:08 402312 ----a-w- C:\DAL.jpg 2010-03-16 01:15:43 287789 ----a-w- C:\-2010-mar-15-003.jpg 2010-03-16 01:15:36 315551 ----a-w- C:\-2010-mar-15-005.jpg 2010-03-16 01:15:20 301603 ----a-w- C:\-2010-mar-15-001.jpg 2010-03-13 20:44:15 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys 2010-03-13 20:44:13 0 d-----w- c:\program files\VS Revo Group 2010-03-13 16:13:20 0 d-----w- c:\program files\Ask.com 2010-03-12 06:28:27 152628 ----a-w- C:\-2010-mar-12-002.jpg 2010-03-12 06:20:35 110246 ----a-w- C:\Near MMPR at FL330.jpg 2010-03-10 23:14:51 0 d-----w- c:\program files\Real Environment Xtreme FS2004 2010-03-10 10:19:08 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Registry Mechanic 2010-03-10 01:19:31 0 d-----w- C:\xp_exe_fix 2010-03-09 18:38:22 98816 ----a-w- c:\windows\sed.exe 2010-03-09 18:38:22 77312 ----a-w- c:\windows\MBR.exe 2010-03-09 18:38:22 261632 ----a-w- c:\windows\PEV.exe 2010-03-09 18:38:22 161792 ----a-w- c:\windows\SWREG.exe 2010-03-07 19:23:38 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-03-07 19:23:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-03-07 08:06:50 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2010-03-07 08:06:50 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2010-03-07 08:06:50 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2010-03-07 08:06:49 0 d-----w- c:\program files\common files\PC Tools 2010-03-06 23:09:24 10012 ----a-w- C:\Alaska Airlines And Horizon Air Routes.xlsx 2010-03-06 22:21:51 139809 ----a-w- C:\ASAconcorde.jpg 2010-03-06 06:43:05 787508 ----a-w- C:\dh8400_main.bmp 2010-03-05 22:03:44 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2010-03-05 22:03:32 0 d-----w- c:\program files\NVIDIA Corporation 2010-03-05 22:02:49 9047 ----a-w- c:\windows\system32\nvinfo.pb 2010-03-05 22:02:49 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-03-05 22:02:46 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-03-01 17:50:56 15015 ----a-w- C:\EPRtable.odt 2010-02-23 00:15:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2010-02-23 00:13:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2010-02-23 00:12:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2010-02-23 00:04:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2010-02-23 00:04:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-23 00:04:36 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-02-23 00:01:24 465920 ------w- c:\windows\system32\imapi2fs.dll 2010-02-23 00:01:24 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll 2010-02-23 00:01:24 317952 ------w- c:\windows\system32\imapi2.dll 2010-02-23 00:01:24 317952 ------w- c:\windows\system32\dllcache\imapi2.dll ==================== Find3M ==================== 2010-03-16 17:01:15 411368 -c--a-w- c:\windows\system32\deploytk.dll 2010-01-27 01:25:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-01-27 01:25:33 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-01-27 01:25:33 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-01-27 01:25:33 25248 -c--a-w- c:\windows\system32\lmimirr.dll 2010-01-27 01:25:33 11552 -c--a-w- c:\windows\system32\lmimirr2.dll 2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03:33 592488 -c--a-w- c:\windows\system32\nvudisp.exe 2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03:33 10276768 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys 2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2010-01-07 19:38:10 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2010-01-07 19:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2010-01-07 19:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2010-01-07 19:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2010-01-07 19:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2010-01-07 19:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2010-01-07 19:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys 2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe 2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe 2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe 2009-07-01 17:26:19 127804 -c--a-w- c:\program files\Uninstal.exe 2009-05-26 02:30:44 53411556 -c--a-w- c:\program files\FSBuild(2).zip 2009-03-02 21:00:23 51688761 -c--a-w- c:\program files\FSBuild.zip 2008-07-23 03:37:38 12095 -c--a-w- c:\program files\PaintInfo.txt 2002-07-26 22:02:06 153088 ----a-w- c:\program files\UNWISE.EXE 2007-08-25 03:14:21 90 -csh--w- c:\windows\cnerolf.dat 2008-12-23 01:10:50 13560 -csha-w- c:\windows\system32\KGyGaAvL.sys 2009-04-01 05:32:59 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat ============= FINISH: 13:03:02.56 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/24/2007 1:33:11 PM System Uptime: 3/16/2010 12:50:04 PM (1 hours ago) Motherboard: ASUSTek Computer INC. | | NAGAMI2 Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2004/199mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 224 GiB total, 35.719 GiB free. D: is FIXED (FAT32) - 9 GiB total, 0.444 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable Z: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NVIDIA nForce Networking Controller Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01 Manufacturer: NVIDIA Name: NVIDIA nForce Networking Controller PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01 Service: NVENETFD ==== System Restore Points =================== RP1: 3/9/2010 1:55:31 PM - System Checkpoint RP2: 3/10/2010 5:54:30 PM - System Checkpoint RP3: 3/10/2010 6:14:43 PM - Installed Real Environment Xtreme FS2004 RP4: 3/11/2010 3:00:20 AM - Software Distribution Service 3.0 RP5: 3/12/2010 5:05:58 AM - System Checkpoint RP6: 3/13/2010 11:07:30 AM - System Checkpoint RP7: 3/13/2010 11:12:36 AM - Removed Ask.com Toolbar. RP8: 3/13/2010 11:13:20 AM - Removed Ask.com Toolbar. RP9: 3/13/2010 3:48:21 PM - Revo Uninstaller Pro's restore point - Ask.com Toolbar RP10: 3/13/2010 3:53:25 PM - Revo Uninstaller Pro's restore point - Adobe Reader 8.1.4 RP11: 3/13/2010 3:54:00 PM - Removed Adobe Reader 8.1.4 RP12: 3/13/2010 4:01:11 PM - Installed Adobe Reader 9.3. RP13: 3/15/2010 3:46:29 PM - Revo Uninstaller Pro's restore point - J2SE Runtime Environment 5.0 Update 5 RP14: 3/15/2010 3:46:59 PM - Removed J2SE Runtime Environment 5.0 Update 5 RP15: 3/15/2010 3:49:47 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 13 RP16: 3/15/2010 3:50:05 PM - Removed Java(tm) 6 Update 13 RP17: 3/15/2010 3:51:15 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 18 RP18: 3/15/2010 3:51:35 PM - Removed Java(tm) 6 Update 10 RP19: 3/15/2010 3:53:13 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 2 RP20: 3/15/2010 3:55:07 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 3 RP21: 3/15/2010 3:57:15 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 4 RP22: 3/15/2010 3:59:02 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 5 RP23: 3/15/2010 4:00:52 PM - Revo Uninstaller Pro's restore point - Java(tm) 6 Update 7 RP24: 3/16/2010 1:01:08 PM - Installed Java(tm) 6 Update 18 ==== Installed Programs ====================== Flight One Software Meridian 2004 µTorrent 737-300 Pilot in Command 737 Pilot in Command - 400/500 Upgrade ABBYY FineReader 5.0 Sprint AceIt v1.3.1 Active AirSource v3.27 Active Camera 2004 fix version 2.1 (FS9.0) Active Camera 2004 version 2.1 for FS 9.0 Active Sky Advanced Active Sky Evolution [email protected] ISO Burner v 1.1 Adobe Acrobat 7.0 Professional Adobe Acrobat 7.1.0 Professional Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.1 aerosoft's - AES-Base&&AirportPack - FS2004 aerosoft's - Brussels 2007 aerosoft's - Commuter Airliners (Eurowings 2004) aerosoft's - London Heathrow 2008 aerosoft's - Mega Airport Frankfurt - FS2004 aerosoft's - Paris CDG 2005 - FS2004 aerosoft's - Piper Cheyenne Aeroworx X-treme King Air B200 v.2.1 Update Aeroworx X-treme King Air B200 v.2.2 Patch Agere Systems PCI-SV92PP Soft Modem AIM 6 AIM Toolbar AiO_Scan AiOSoftware Airbus Series Vol.1 (FS2004) Airbus Series Vol.1 Deluxe Upgrade (FS2004) Airbus Vol 1 Call 1.0 Airline Pack E-170 FS9/FSX (version 1.1) Alien Outbreak 2 ALMATY9 V2.0 ALUpdate ALZip Ancient Sudoku AnswerWorks 4.0 Runtime - English Apple Software Update ArcSoft PhotoImpression 6 Ariane Boeing 737-700 Ng V3 Ariane Boeing 737-800 Ng V3 Ariane Boeing 737-900 ER NavDATA Ariane Boeing 737-Ng NavDATA ATC Career Prep Software Suite Audacity 1.2.6 AudibleManager Auto Updater AutoUpdate Bejeweled 2 Deluxe Big Kahuna Reef Blackhawk Striker 2 Blasterball 2 Remix Blasterball 2 Revolution Boeing 737-600 Ng Splash & Backgrounds Boeing 737-900 Ng CFM56 7b 26 SOUND PART ONE Boeing 737-900 Ng CFM56 7b 26 SOUND PART TWO Boeing 757 Professional 2006 Bookworm Deluxe Bounce Symphony BufferChm Cancun_2005 Carenado C 152 II CCleaner (remove only) Chuzzle Deluxe Class_50_Content_Update CLOUD9 LosAngeles 1.01 CLOUD9 Washington 1.01 Copy CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CRJ Experience CRJ New Generation CueTour Customer Experience Enhancement CYWG (Winnipeg Int Airport) V1.01 for FS2004 Dallas Delta Virtual Airlines ACARS Delta Virtual Airlines ACARS (beta) 2.2 Delta Virtual Airlines ACARS 2.2 Delta Virtual Airlines DC-6 (FS2004) Delta Virtual Airlines DC-8 (FS2004) Destinations Digital Aviation's - Dornier Do-27 Diner Dash DISCover DivX DivX Plus Web Player DocProc DocumentViewer Download Updater (AOL LLC) DVD and CD Designer DVD Burning Xpress 3.30 E-Jets Series (FS2004) Eaglesoft Development Group Citation X 2.0 FS9 Easy CD Creator 5 Basic Easy DVD Rip Easy Internet Sign-up Easy Video Joiner 5.21 Easy Video Splitter 1.28 Eiresim Dublin 2009 Encode360 Enhanced Multimedia Keyboard Solution Expstudio Audio Editor FREE Fairies Family Feud FATE Fax FeelThere ERJ v.2 FeelThere PIC ERJ-145LR 1.0 FlightZone 02: Portland Flip Words Fly the MADDOG 2008 - Professional Edition Fly the MADDOG 2008 liveries Fokker 70-100 FREE Hi-Q Recorder 1.9 FS Online Center 2007 FS Online Center 2007 V2 FS Real Time v1.83 FS2Crew MD-11 UK & Eurozone Voice Set FS2Crew Start Center FS2Crew Start Center April 2009 FS2Crew: Flight1 ATR Edition FSAutoStart FSBuild 2 FSDreamTeam Ohare9 1.1.1 FSDreamTeam Zurich9 1.3 FSFDT FSCopilot FSFDT FSInn FSWXR2100 Version 1.4.1 GARMIN 500 Series Trainer GemMaster Mystic Google Toolbar for Internet Explorer Google Update Helper Google Updater Greatest Airliners: 727 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 10 (KB910393) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Driver Diagnostics HP DVD Play 2.1 HP Game Console HP Image Zone 4.2 HP Product Assistant HP PSC & OfficeJet 4.2 HP Rhapsody HP Solution Center and Imaging Support Tools 6.1 HP Update HP Web Helper HPODiscovery HPProductAssistant HpSdpAppCoreApp HPSystemDiagnostics HyperCam 2 iDailyDiary 3.41 Insaniquarium Deluxe InstantShare Japanese Fonts Support For Adobe Reader 8 Java Auto Updater Java(tm) 6 Update 18 JeppView / JeppView FliteDeck Jewel Quest JustFlight 777 Professional K-Lite Codec Pack 3.3.0 Full KATL Atlanta KBWI2k5v2 KDEN Denver KEWR Newark KIND v1.1.1 2009 for FS9 KIND v1.1.1 for FS9 KLGA La Guardia KMCI Kansas City KMCO v1.1.1 for FS9 KMSP v1.1.1 for FS2004 LAGO Twin Otter Version 2.00 Legacy 'The Luxury Aircraft Collection' Level-D Simulations 767-300 Lexmark X1100 Series LightScribe 1.4.84.1 Logitech Audio Echo Cancellation Component Logitech ImageStudio LogMeIn LogMeIn Hamachi Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Magic ISO Maker v5.5 (build 0273) MagicDisc 2.7.106 Mah Jong Quest Malwarebytes' Anti-Malware Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Away Mode Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator 2004 A Century of Flight Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Money 2006 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Edition 60 Days Trial Welcome Tour Microsoft Office 97, Professional Edition Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.9 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 6.0 Professional Edition Microsoft WinUsb 1.0 Microsoft Works Microsoft XML Parser Mozilla Firefox (3.6) MSDN Library - Visual Studio 6.0a MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) muvee autoProducer 5.0 muvee autoProducer unPlugged 2.0 MyActiveAirSource Mystery Case Files Mz Ultimate Tweaker v5.9 Navigraph nDAC 3 NCalc 5.1.0 neroxml Netscape Browser (remove only) Netscape Navigator (9.0.0.3) NVIDIA Drivers NVIDIA nView Desktop Manager OpenOffice.org 3.1 Otto Overland OVT Scanner Payload_Planner PC-Doctor 5 for Windows PeerBlock 1.0.0 (r181) PerSono Pro PerSono Pro Install Photo DVD Maker Professional 6.51 PhotoGallery Pinnacle Instant DVD Recorder PMDG 747-400F GE Atlas PMDG 747-400F GE Polar Air Cargo PMDG 747-400F PW FedEx PMDG MD-11 FS9 PMDG747_400 Queen of the Skies PMDG747_400F PMDGMD11_FS9_GE_AA PMDGMD11_FS9_GE_CO PMDGMD11_FS9_GE_KL1 PMDGMD11_FS9_GE_NA PMDGMD11_FS9_GEF_FXF1 PMDGMD11_FS9_GEF_GRF2 PMDGMD11_FS9_GEF_LHF1 PMDGMD11_FS9_GEF_WOF1 PMDGMD11_FS9_PW_DL PMDGMD11_FS9_PW_DL1 PMDGMD11_FS9_PW_DL2 PMDGMD11_FS9_PW_DL3 PMDGMD11_FS9_PW_NW PMDGMD11_FS9_PW_UA2 PMDGMD11_FS9_PW_WO1 PMDGMD11_FS9_PW_WO2 PMDGMD11_FS9_PWF_5XF PMDGMD11_FS9_PWF_FXF PMDGMD11_FS9_PWF_WOF Poker Superstars Polar Bowler Polar Golfer PrintScreen proDAD Heroglyph 2.5 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder Quad Cities International Airport by M1DG Quicken 2006 QuickProjects QuickTime Readme Real Environment Xtreme FS2004 RealPlayer Realtek High Definition Audio Driver Registry Mechanic 9.0 Remove UK2000 Birmingham Xtreme files Revo Uninstaller Pro 2.1.1 Ricochet Lost Worlds Roger Wilco Saitek SST Programming Software Scan SCRABBLE SD40-2_Content_Update Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978706) SI Calendar 2009 Sim-Wings - Nice Cote d'Azur SkinsHP1 Skypeâ„¢ 4.1 Slingo Deluxe SmartSound Quicktracks Plugin Smith Designs KATL AFCAD Update Snowy The Bears Adventure SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Spybot - Search & Destroy Studio 10 Studio 10 Bonus DVD Studio 10.8 Patch Sumatra PDF reader Super Granny Symantec KB-DocID:2003093015493306 System Requirements Lab TBPB v1.1.1 for FS9 TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 TeamSpeak 3 Client Tennis Titans Text-o-Matic The FFS Saab 340 Base Installer The FFS Saab 340 Update Tornado Jockey Tradewinds TrayApp Trillian TurboTax Premier 2007 Ulead Disc-Direct SDK Ultimate Terrain - USA Uninstall OVT Scanner Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 Updates from HP (remove only) US ACARS 2.2 VAT-Spy VC80CRTRedist - 8.0.50727.4053 VCRedistSetup Version 1.0 VHHH Hong Kong FS2004 Viewpoint Media Player VRC Vuze WeatherBug WebFldrs XP WebReg Wee Tune Beastie Winamp Winamp Detector Plug-in Winamp Toolbar for Internet Explorer WinAVI Video Converter Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows Presentation Foundation Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinFast PVR WingMan Software Wings of Power: B17 Flying Fortress Wings of Power: P51D/H Mustang X-treme King Air B200 v.2.0.1 XML Paper Specification Shared Components Pack 1.0 XviD & MP3 Codec Pack (remove only) XviD 1.1 final uninstall Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Search Protection Yahoo! Software Update Yahoo! Toolbar Zune Zune Language Pack (DE) Zune Language Pack (ES) Zune Language Pack (FR) Zune Language Pack (IT) ==== Event Viewer Messages From Past Week ======== 3/9/2010 9:39:26 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.FlightSimulator.SimConnect . Reference error message: The referenced assembly is not installed on your system. . 3/9/2010 9:39:26 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\HiFi\ASE\Microsoft.FlightSimulator.SimConnect.dll. Reference error message: The operation completed successfully. . 3/9/2010 9:39:26 PM, error: SideBySide [32] - Dependent Assembly Microsoft.FlightSimulator.SimConnect could not be found and Last Error was The referenced assembly is not installed on your system. 3/9/2010 3:58:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde 3/9/2010 1:57:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 3/9/2010 1:55:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 3/9/2010 1:38:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 ASPI32 cdudf_xp Fips ftsata2 PCLEPCI 3/9/2010 1:38:06 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified. 3/9/2010 1:38:06 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/9/2010 1:38:06 PM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/9/2010 1:37:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/9/2010 1:36:37 PM, error: SRService [104] - The System Restore initialization process failed. 3/15/2010 7:57:57 PM, error: System Error [1003] - Error code 000000ea, parameter1 88b146e0, parameter2 8a49d790, parameter3 8a436650, parameter4 00000001. 3/14/2010 9:22:32 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates. 3/14/2010 12:48:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00146C661794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 3/13/2010 4:18:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SamSs service. 3/13/2010 4:17:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ProtectedStorage service. 3/13/2010 4:16:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service. 3/13/2010 4:16:22 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service. 3/13/2010 4:10:22 AM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s). 3/13/2010 2:45:21 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1. 3/11/2010 12:04:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 ASPI32 cdudf_xp Fips ftsata2 IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip WS2IFSL 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:03:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} ==== End Of File ===========================
  4. All Java versions/updates removed, though I am now being prompted to update Java, should I? Logs: ComboFix 10-03-15.04 - HP_Administrator 03/15/2010 20:01:30.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2509 [GMT -4:00] Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt FILE :: "c:\documents and settings\Administrator\My Documents\Downloads\backups\backup-20100307-032358-328.dll" "c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\25f85995-1c6be6fd" "c:\my music\The Chambers Brothers - Time has come Today.mp3" "c:\windows\Web\Wallpaper\welcome\AWhelper.dll" file zipped: c:\windows\system32\cnswtpva.exe file zipped: c:\windows\system32\fdrbeuxr.exe file zipped: c:\windows\system32\fegfxxxg.exe file zipped: c:\windows\system32\heyhwfdx.exe file zipped: c:\windows\system32\ltsannoc.exe file zipped: c:\windows\system32\tduachda.exe file zipped: c:\windows\system32\thgslbhv.exe file zipped: c:\windows\system32\ukqjvacb.exe file zipped: c:\windows\system32\votcftxb.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\My Documents\Downloads\backups\backup-20100307-032358-328.dll c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\25f85995-1c6be6fd c:\my music\The Chambers Brothers - Time has come Today.mp3 c:\windows\eSellerateEngine.dll c:\windows\system32\cnswtpva.exe c:\windows\system32\fdrbeuxr.exe c:\windows\system32\fegfxxxg.exe c:\windows\system32\heyhwfdx.exe c:\windows\system32\ltsannoc.exe c:\windows\system32\tduachda.exe c:\windows\system32\thgslbhv.exe c:\windows\system32\ukqjvacb.exe c:\windows\system32\votcftxb.exe c:\windows\Web\Wallpaper\welcome\AWhelper.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 ))))))))))))))))))))))))))))))) . 2010-03-13 20:44 . 2010-03-13 20:44 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\VS Revo Group 2010-03-13 20:44 . 2009-12-30 16:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys 2010-03-13 20:44 . 2010-03-13 20:44 -------- d-----w- c:\program files\VS Revo Group 2010-03-13 16:13 . 2010-03-13 20:50 -------- d-----w- c:\program files\Ask.com 2010-03-13 16:13 . 2010-03-13 16:13 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AskSuperBar 2010-03-10 23:20 . 2010-03-12 04:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Real_Environment_Simulati 2010-03-10 23:14 . 2010-03-12 07:56 -------- d-----w- c:\program files\Real Environment Xtreme FS2004 2010-03-10 10:19 . 2010-03-10 10:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Registry Mechanic 2010-03-10 01:19 . 2010-03-10 01:19 -------- d-----w- C:\xp_exe_fix 2010-03-08 19:14 . 2010-03-08 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue 2010-03-07 22:35 . 2010-03-07 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESTsoft 2010-03-07 19:23 . 2010-03-07 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-07 19:23 . 2010-03-07 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-03-07 18:45 . 2010-03-07 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian 2010-03-07 08:06 . 2010-03-07 08:06 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-07 06:08 . 2010-03-07 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-03-07 05:54 . 2010-03-07 05:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-03-07 05:53 . 2010-03-07 05:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\teamspeak2 2010-03-07 05:13 . 2010-03-07 05:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2010-03-05 22:03 . 2010-03-05 22:04 -------- d-----w- c:\program files\NVIDIA Corporation 2010-03-05 22:02 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-03-05 22:02 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-02-28 18:31 . 2010-01-22 17:13 3858432 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll 2010-02-28 18:31 . 2010-01-22 16:49 8520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\ractrlkeyhook.dll 2010-02-28 18:31 . 2010-01-22 16:49 70984 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIProxyHelper.exe 2010-02-28 18:31 . 2010-01-22 16:46 574768 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardianDll.dll 2010-02-28 18:31 . 2010-01-22 16:46 15664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardianEvt.dll 2010-02-28 18:31 . 2010-01-22 16:46 83256 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardian.exe 2010-02-28 02:15 . 2010-02-28 02:15 15086 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{FB56079B-7D0C-4D1D-864A-09BA159CC31B}\ARPPRODUCTICON.exe 2010-02-23 00:04 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-02-23 00:01 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll 2010-02-23 00:01 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll 2010-02-23 00:01 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll 2010-02-23 00:01 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-15 23:58 . 2009-06-16 18:09 -------- d-----w- c:\program files\Trillian 2010-03-15 23:53 . 2008-07-10 22:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype 2010-03-15 20:00 . 2006-05-07 02:59 -------- d-----w- c:\program files\Java 2010-03-15 20:00 . 2008-07-10 22:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM 2010-03-15 17:46 . 2009-07-30 19:09 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-03-15 17:42 . 2009-02-28 19:30 -------- d-----w- c:\program files\FSBuild 2010-03-15 00:01 . 2008-06-15 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-03-13 21:01 . 2006-05-07 03:39 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-12 17:51 . 2007-08-24 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GRLevel3 2010-03-12 08:56 . 2010-01-22 03:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent 2010-03-12 08:56 . 2009-10-02 01:32 -------- d-----w- c:\program files\PeerBlock 2010-03-12 07:40 . 2009-12-15 07:24 -------- d-----w- c:\program files\MyActiveAirSource 2010-03-10 10:19 . 2007-11-05 19:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-10 09:29 . 2010-01-22 03:44 -------- d-----w- c:\program files\uTorrent 2010-03-09 18:09 . 2006-05-07 03:30 67360 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-07 08:24 . 2006-05-07 03:58 -------- d-----w- c:\program files\Google 2010-03-07 07:49 . 2008-05-10 18:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-07 05:05 . 2007-08-24 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Plantronics 2010-03-06 04:14 . 2006-05-07 03:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-06 03:32 . 2010-02-05 01:01 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-02-28 02:15 . 2009-03-31 17:33 -------- d-----w- c:\program files\HiFi 2010-02-28 02:15 . 2009-03-31 17:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HiFi 2010-02-23 00:15 . 2010-02-23 00:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2010-02-23 00:13 . 2010-02-23 00:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2010-02-23 00:12 . 2010-02-23 00:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2010-02-23 00:07 . 2007-12-16 23:47 -------- d-----w- c:\program files\Zune 2010-02-23 00:04 . 2010-02-23 00:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2010-02-23 00:04 . 2010-02-23 00:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-10 19:51 . 2008-03-22 18:21 -------- d-----w- c:\program files\Winamp 2010-02-10 19:50 . 2010-02-10 19:50 -------- d-----w- c:\program files\Winamp Detect 2010-02-05 05:34 . 2008-07-20 15:55 -------- d-----w- c:\program files\DivX 2010-02-05 05:34 . 2010-02-05 05:34 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-02-05 00:59 . 2007-08-24 21:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\teamspeak2 2010-02-03 01:48 . 2010-02-03 01:48 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-01-27 05:27 . 2006-05-07 02:59 -------- d-----w- c:\program files\Common Files\Java 2010-01-27 05:27 . 2010-01-27 05:27 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\msvcp71.dll 2010-01-27 05:27 . 2010-01-27 05:27 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\jmc.dll 2010-01-27 05:27 . 2010-01-27 05:27 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\msvcr71.dll 2010-01-27 05:27 . 2010-01-27 05:27 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5718b33f-n\decora-sse.dll 2010-01-27 05:27 . 2010-01-27 05:27 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5718b33f-n\decora-d3d.dll 2010-01-27 01:27 . 2009-08-18 00:16 -------- d-----w- c:\program files\LogMeIn 2010-01-27 01:25 . 2009-05-28 08:32 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-01-27 01:25 . 2009-05-28 08:32 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-01-27 01:25 . 2009-05-28 08:31 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-01-27 01:25 . 2008-10-17 00:35 11552 -c--a-w- c:\windows\system32\lmimirr2.dll 2010-01-27 01:25 . 2008-10-17 00:35 25248 -c--a-w- c:\windows\system32\lmimirr.dll 2010-01-26 18:14 . 2010-01-26 18:14 9662 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\ARPPRODUCTICON.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut5_B59B9F867A66400BA298B66073489B0E.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut4_D1E8A80CC3A24AAF8E30F5ABF53C6D0C.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut3_4DD4BB66BF1F4071BCF135B4A1993758.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut1_C8C9B4FBC9A546C7B2F9B5D62B43F31F.exe 2010-01-22 17:37 . 2007-08-31 04:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus 2010-01-22 02:16 . 2009-04-01 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-22 02:14 . 2009-05-27 18:28 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-12 04:03 . 2009-05-01 02:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03 . 2009-05-01 02:02 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03 . 2009-05-01 02:02 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03 . 2006-05-07 03:13 592488 -c--a-w- c:\windows\system32\nvudisp.exe 2010-01-12 04:03 . 2006-05-07 03:13 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03 . 2006-05-07 03:13 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03 . 2006-05-07 03:13 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03 . 2006-05-07 03:13 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03 . 2006-05-07 03:13 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03 . 2006-05-07 03:13 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-09 20:08 . 2010-01-09 20:08 10686001 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Azureus\plugins\azump\mplayer.exe 2010-01-07 21:07 . 2009-04-01 02:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2009-04-01 02:36 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2010-01-07 19:38 . 2010-01-07 19:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2010-01-07 19:22 . 2008-03-06 03:46 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2010-01-07 19:22 . 2008-03-06 03:46 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2010-01-07 19:22 . 2007-11-16 02:38 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys 2010-01-05 10:00 . 2004-08-10 04:00 832512 ------w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-10 04:00 353792 ------w- c:\windows\system32\drivers\srv.sys 2009-12-25 21:37 . 2009-12-25 21:37 6868368 ----a-w- c:\documents and settings\HP_Administrator\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe 2009-12-17 22:14 . 2008-11-25 00:59 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43 . 2004-08-10 04:00 343040 ------w- c:\windows\system32\mspaint.exe 2009-07-01 17:26 . 2009-07-01 17:22 127804 -c--a-w- c:\program files\Uninstal.exe 2009-05-26 02:30 . 2009-05-26 02:29 53411556 -c--a-w- c:\program files\FSBuild(2).zip 2009-03-02 21:00 . 2009-03-02 20:58 51688761 -c--a-w- c:\program files\FSBuild.zip 2008-07-23 03:37 . 2008-07-18 16:52 12095 -c--a-w- c:\program files\PaintInfo.txt 2002-07-26 22:02 . 2008-08-04 21:17 153088 ----a-w- c:\program files\UNWISE.EXE 2007-08-25 03:14 . 2007-08-25 03:14 90 -csh--w- c:\windows\cnerolf.dat 2008-12-23 01:10 . 2008-12-23 01:10 13560 -csha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( [email protected]_19.23.56 ))))))))))))))))))))))))))))))))))))))))) . - 2005-08-31 04:07 . 2009-12-09 09:24 72256 c:\windows\system32\perfc009.dat + 2005-08-31 04:07 . 2010-03-16 00:00 72256 c:\windows\system32\perfc009.dat - 2005-08-31 04:02 . 2009-04-01 05:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2005-08-31 04:02 . 2010-03-15 17:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2005-08-30 20:51 . 2009-04-01 05:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2005-08-30 20:51 . 2010-03-15 17:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2010-03-15 17:28 . 2010-03-15 17:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2005-08-30 20:51 . 2009-04-01 05:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-03-10 23:18 . 2010-03-10 23:18 14534 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\SystemFolder_msiexec.exe + 2010-03-10 23:18 . 2010-03-10 23:18 12862 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\rexwxengine2.exe + 2010-03-10 23:18 . 2010-03-10 23:18 56834 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\rexupdate.exe + 2010-03-10 23:18 . 2010-03-10 23:18 12862 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\REX_icon.exe - 2005-08-31 04:07 . 2009-12-09 09:24 443434 c:\windows\system32\perfh009.dat + 2005-08-31 04:07 . 2010-03-16 00:01 443434 c:\windows\system32\perfh009.dat + 2010-01-27 05:27 . 2008-06-10 06:32 139264 c:\windows\system32\javaws.exe + 2010-01-27 05:27 . 2008-06-10 05:21 135168 c:\windows\system32\javaw.exe + 2010-01-27 05:27 . 2008-06-10 05:21 135168 c:\windows\system32\java.exe + 2004-08-10 04:00 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe - 2004-08-10 04:00 . 2008-04-14 00:12 3558912 c:\windows\system32\dllcache\moviemk.exe + 2010-03-10 23:18 . 2010-03-10 23:18 1489408 c:\windows\Installer\1a823b9.msi + 2010-03-13 21:03 . 2010-03-13 21:03 5527040 c:\windows\Installer\11a05e4.msp + 2010-03-13 21:01 . 2010-03-13 21:01 3940352 c:\windows\Installer\11a05d4.msi + 2009-10-28 01:34 . 2009-10-28 01:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll + 2007-08-26 12:37 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ trillian.exe.lnk - c:\program files\Trillian\trillian.exe [2010-2-10 1930592] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] Source= c:\pictures\ST4.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= c:\pictures\HH7.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2] Source= c:\pictures\LucyL.bmp FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source= c:\pictures\LT.bmp FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4] Source= c:\pictures\friendstvposter010.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5] Source= C:\back.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6] Source= c:\pictures\Jennifer-Connelly_black and white_less_top.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7] Source= c:\pictures\AJJ.bmp FriendlyName= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-01-27 01:25 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1422:UDP"= 1422:UDP:Windows Media Format SDK (wmplayer.exe) "1423:UDP"= 1423:UDP:Windows Media Format SDK (wmplayer.exe) "1424:UDP"= 1424:UDP:Windows Media Format SDK (wmplayer.exe) R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [10/22/2007 1:27 AM 81356] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 1:27 PM 1074568] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2009 10:36 PM 236368] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/7/2010 4:06 AM 632792] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [10/22/2007 1:28 AM 39182] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [10/22/2007 1:28 AM 9804] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2009 10:36 PM 19160] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2007 1:44 PM 194304] R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [8/28/2005 9:04 PM 44032] R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [12/22/2007 9:21 PM 179968] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/4/2007 7:57 PM 716272] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2009 3:40 AM 135664] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 7:44 PM 580992] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/1/2009 9:32 PM 14424] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [3/13/2010 4:44 PM 27064] S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [8/25/2007 1:23 PM 6085] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/7/2008 12:25 AM 24652] . Contents of the 'Scheduled Tasks' folder 2010-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-02 18:57] 2007-10-23 c:\windows\Tasks\Easy Internet Sign-up.job - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 02:23] 2010-03-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-24 17:28] 2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 07:40] 2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 07:40] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: turbotax.com FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.flightaware.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\MOZILLA FIREFOX\plugins\np-mswmp.dll FF - plugin: c:\program files\MOZILLA FIREFOX\plugins\npwachk.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: content.notify.backoffcount - 5 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.cache.memory.capacity - 65536c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-03-15 20:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(896) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . Completion time: 2010-03-15 20:20:15 ComboFix-quarantined-files.txt 2010-03-16 00:20 ComboFix2.txt 2010-03-13 21:37 ComboFix3.txt 2010-03-09 19:25 Pre-Run: 38,495,465,472 bytes free Post-Run: 38,554,898,432 bytes free Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4 - - End Of File - - 1AD7D456D1ED0C9A74E57610444BAE2D Upload was successful The DDS scanner will not run now, upon double clicking the shortcut, XP verifies that I want to run it I select Run cmd.exe opens for a sec as if it will run then closes.
  5. As promised -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Monday, March 15, 2010 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, March 15, 2010 03:20:20 Records in database: 3800311 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ G:\ H:\ I:\ J:\ Z:\ Scan statistics: Objects scanned: 481990 Threats found: 17 Infected objects found: 66 Suspicious objects found: 0 Scan duration: 11:25:33 File name / Threat / Threats count C:\Documents and Settings\Administrator\My Documents\Downloads\backups\backup-20100307-032358-328.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.aj 1 C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\21\25f85995-1c6be6fd Infected: Trojan-Downloader.Java.OpenStream.ad 1 C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\FSBuild V2.2.zip Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\FSBuild2\FSBuildUpdate22.exe Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\Documents and Settings\HP_Administrator\My Documents\Azureus Downloads\FSBuild2.zip Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\Flight One Software\FS2Crew_Setup.exe Infected: Trojan.Win32.Genome.dzvb 1 C:\FSuild\FSBuild 2.2\FSBuildUpdate22.exe Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe Infected: Trojan-Spy.Win32.Agent.bdzz 1 C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\RecordnowLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\RunLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe Infected: Trojan-Spy.Win32.Agent.beaf 1 C:\My Music\The Chambers Brothers - Time has come Today.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1 C:\Program Files\FSBuild\FSBuild 2.2\FSBuildUpdate22.exe Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\Program Files\FSBuild(2).zip Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\Program Files\FSBuild.zip Infected: not-a-virus:AdWare.Win32.Rabio.ek 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\afcipmqv.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\amprxsvp.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\bqtdelbv.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\csgaculh.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ctaaxydk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.rkn 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\dfchtjlk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.trd 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\dihadhfg.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\dlktcgnb.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\emhuglsj.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\facjcrtk.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\fvkwqtqp.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\guyvpcxv.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hbjqwhlu.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\hdjsakmq.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\iacgwyfr.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\ieecqutb.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\iiejcaoe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.rkn 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\itjmduff.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\kqkwmcts.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\lsvkmqat.dll.vir Infected: Trojan-Downloader.Win32.ConHook.te 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\mhhvlmbe.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\mvuafadv.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\nkgevlum.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tbs 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\pbmccoam.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\rnnmpafy.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\rolqruow.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\rrjitvdt.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\unrqeeqa.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\vpyudfyp.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\vtoeeqdc.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\xeitxvbx.dll.vir Infected: Trojan.Win32.Monder.gen 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\yhaqycqr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.srg 1 C:\Qoobox\Quarantine\D\Autorun.inf.vir Infected: Worm.Win32.AutoRun.hbz 1 C:\Qoobox\Quarantine\D\av1.zip Infected: Worm.Win32.AutoRun.hbz 1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP3\A0000503.exe Infected: Trojan.Win32.FraudPack.aops 1 C:\WINDOWS\system32\cnswtpva.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\fdrbeuxr.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\fegfxxxg.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\heyhwfdx.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\ltsannoc.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\tduachda.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\thgslbhv.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\ukqjvacb.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\system32\votcftxb.exe Infected: Trojan.Win32.Agent.zae 1 C:\WINDOWS\Web\Wallpaper\welcome\AWhelper.dll Infected: not-a-virus:AdWare.Win32.WebHancer.x 1 D:\Autorun.inf Infected: Worm.Win32.AutoRun.hbz 1 Selected area has been scanned. DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 13:07:46.40 on Mon 03/15/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2304 [GMT -4:00] ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AWS\WeatherBug\Weather.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\HP_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: {00000000-0000-0000-0000-000000000000} - No File TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\trilli~1.lnk - c:\program files\trillian\trillian.exe IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 Trusted Zone: turbotax.com DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfoforum.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\ichlw2ku.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.flightaware.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: content.notify.backoffcount - 5 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.cache.memory.capacity - 65536c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2007-10-22 81356] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-28 47640] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-31 236368] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-7 632792] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2007-10-22 39182] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2007-10-22 9804] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-31 19160] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-8-24 194304] R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [2005-8-28 44032] R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2007-12-22 179968] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992] S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-10-1 14424] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-3-13 27064] S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2007-8-25 6085] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-7 1247600] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-7 24652] =============== Created Last 30 ================ 2010-03-13 20:44:15 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys 2010-03-13 20:44:13 0 d-----w- c:\program files\VS Revo Group 2010-03-13 16:13:20 0 d-----w- c:\program files\Ask.com 2010-03-12 06:28:27 152628 ----a-w- C:\-2010-mar-12-002.jpg 2010-03-12 06:20:35 110246 ----a-w- C:\Near MMPR at FL330.jpg 2010-03-10 23:14:51 0 d-----w- c:\program files\Real Environment Xtreme FS2004 2010-03-10 10:19:08 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Registry Mechanic 2010-03-10 01:19:31 0 d-----w- C:\xp_exe_fix 2010-03-09 18:38:22 98816 ----a-w- c:\windows\sed.exe 2010-03-09 18:38:22 77312 ----a-w- c:\windows\MBR.exe 2010-03-09 18:38:22 261632 ----a-w- c:\windows\PEV.exe 2010-03-09 18:38:22 161792 ----a-w- c:\windows\SWREG.exe 2010-03-07 19:23:38 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-03-07 19:23:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-03-07 08:06:50 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2010-03-07 08:06:50 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2010-03-07 08:06:50 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2010-03-07 08:06:49 0 d-----w- c:\program files\common files\PC Tools 2010-03-06 23:09:24 10012 ----a-w- C:\Alaska Airlines And Horizon Air Routes.xlsx 2010-03-06 22:21:51 139809 ----a-w- C:\ASAconcorde.jpg 2010-03-06 06:43:05 787508 ----a-w- C:\dh8400_main.bmp 2010-03-05 22:03:44 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2010-03-05 22:03:32 0 d-----w- c:\program files\NVIDIA Corporation 2010-03-05 22:02:49 9047 ----a-w- c:\windows\system32\nvinfo.pb 2010-03-05 22:02:49 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-03-05 22:02:46 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-03-01 17:50:56 15015 ----a-w- C:\EPRtable.odt 2010-02-23 00:15:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2010-02-23 00:13:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2010-02-23 00:12:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2010-02-23 00:04:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2010-02-23 00:04:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-23 00:04:36 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-02-23 00:01:24 465920 ------w- c:\windows\system32\imapi2fs.dll 2010-02-23 00:01:24 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll 2010-02-23 00:01:24 317952 ------w- c:\windows\system32\imapi2.dll 2010-02-23 00:01:24 317952 ------w- c:\windows\system32\dllcache\imapi2.dll ==================== Find3M ==================== 2010-01-27 01:25:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-01-27 01:25:33 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-01-27 01:25:33 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-01-27 01:25:33 25248 -c--a-w- c:\windows\system32\lmimirr.dll 2010-01-27 01:25:33 11552 -c--a-w- c:\windows\system32\lmimirr2.dll 2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03:33 592488 -c--a-w- c:\windows\system32\nvudisp.exe 2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03:33 10276768 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys 2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2010-01-07 19:38:10 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2010-01-07 19:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2010-01-07 19:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2010-01-07 19:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2010-01-07 19:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2010-01-07 19:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2010-01-07 19:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys 2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe 2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-12-17 22:14:00 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe 2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe 2009-07-01 17:26:19 127804 -c--a-w- c:\program files\Uninstal.exe 2009-05-26 02:30:44 53411556 -c--a-w- c:\program files\FSBuild(2).zip 2009-03-02 21:00:23 51688761 -c--a-w- c:\program files\FSBuild.zip 2008-07-23 03:37:38 12095 -c--a-w- c:\program files\PaintInfo.txt 2002-07-26 22:02:06 153088 ----a-w- c:\program files\UNWISE.EXE 2007-08-25 03:14:21 90 -csh--w- c:\windows\cnerolf.dat 2008-12-23 01:10:50 13560 -csha-w- c:\windows\system32\KGyGaAvL.sys 2009-04-01 05:32:59 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat ============= FINISH: 13:08:06.73 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/24/2007 1:33:11 PM System Uptime: 3/14/2010 9:25:34 PM (16 hours ago) Motherboard: ASUSTek Computer INC. | | NAGAMI2 Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2004/199mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 224 GiB total, 36.184 GiB free. D: is FIXED (FAT32) - 9 GiB total, 0.444 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable Z: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NVIDIA nForce Networking Controller Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01 Manufacturer: NVIDIA Name: NVIDIA nForce Networking Controller PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01 Service: NVENETFD ==== System Restore Points =================== RP1: 3/9/2010 1:55:31 PM - System Checkpoint RP2: 3/10/2010 5:54:30 PM - System Checkpoint RP3: 3/10/2010 6:14:43 PM - Installed Real Environment Xtreme FS2004 RP4: 3/11/2010 3:00:20 AM - Software Distribution Service 3.0 RP5: 3/12/2010 5:05:58 AM - System Checkpoint RP6: 3/13/2010 11:07:30 AM - System Checkpoint RP7: 3/13/2010 11:12:36 AM - Removed Ask.com Toolbar. RP8: 3/13/2010 11:13:20 AM - Removed Ask.com Toolbar. RP9: 3/13/2010 3:48:21 PM - Revo Uninstaller Pro's restore point - Ask.com Toolbar RP10: 3/13/2010 3:53:25 PM - Revo Uninstaller Pro's restore point - Adobe Reader 8.1.4 RP11: 3/13/2010 3:54:00 PM - Removed Adobe Reader 8.1.4 RP12: 3/13/2010 4:01:11 PM - Installed Adobe Reader 9.3. ==== Installed Programs ====================== Flight One Software Meridian 2004 µTorrent 737-300 Pilot in Command 737 Pilot in Command - 400/500 Upgrade ABBYY FineReader 5.0 Sprint AceIt v1.3.1 Active AirSource v3.27 Active Camera 2004 fix version 2.1 (FS9.0) Active Camera 2004 version 2.1 for FS 9.0 Active Sky Advanced Active Sky Evolution [email protected] ISO Burner v 1.1 Adobe Acrobat 7.0 Professional Adobe Acrobat 7.1.0 Professional Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.3.1 aerosoft's - AES-Base&&AirportPack - FS2004 aerosoft's - Brussels 2007 aerosoft's - Commuter Airliners (Eurowings 2004) aerosoft's - London Heathrow 2008 aerosoft's - Mega Airport Frankfurt - FS2004 aerosoft's - Paris CDG 2005 - FS2004 aerosoft's - Piper Cheyenne Aeroworx X-treme King Air B200 v.2.1 Update Aeroworx X-treme King Air B200 v.2.2 Patch Agere Systems PCI-SV92PP Soft Modem AIM 6 AIM Toolbar AiO_Scan AiOSoftware Airbus Series Vol.1 (FS2004) Airbus Series Vol.1 Deluxe Upgrade (FS2004) Airbus Vol 1 Call 1.0 Airline Pack E-170 FS9/FSX (version 1.1) Alien Outbreak 2 ALMATY9 V2.0 ALUpdate ALZip Ancient Sudoku AnswerWorks 4.0 Runtime - English Apple Software Update ArcSoft PhotoImpression 6 Ariane Boeing 737-700 Ng V3 Ariane Boeing 737-800 Ng V3 Ariane Boeing 737-900 ER NavDATA Ariane Boeing 737-Ng NavDATA ATC Career Prep Software Suite Audacity 1.2.6 AudibleManager Auto Updater AutoUpdate Bejeweled 2 Deluxe Big Kahuna Reef Blackhawk Striker 2 Blasterball 2 Remix Blasterball 2 Revolution Boeing 737-600 Ng Splash & Backgrounds Boeing 737-900 Ng CFM56 7b 26 SOUND PART ONE Boeing 737-900 Ng CFM56 7b 26 SOUND PART TWO Boeing 757 Professional 2006 Bookworm Deluxe Bounce Symphony BufferChm Cancun_2005 Carenado C 152 II CCleaner (remove only) Chuzzle Deluxe Class_50_Content_Update CLOUD9 LosAngeles 1.01 CLOUD9 Washington 1.01 Copy CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CRJ Experience CRJ New Generation CueTour Customer Experience Enhancement CYWG (Winnipeg Int Airport) V1.01 for FS2004 Dallas Delta Virtual Airlines ACARS Delta Virtual Airlines ACARS (beta) 2.2 Delta Virtual Airlines ACARS 2.2 Delta Virtual Airlines DC-6 (FS2004) Delta Virtual Airlines DC-8 (FS2004) Destinations Digital Aviation's - Dornier Do-27 Diner Dash DISCover DivX DivX Plus Web Player DocProc DocumentViewer Download Updater (AOL LLC) DVD and CD Designer DVD Burning Xpress 3.30 E-Jets Series (FS2004) Eaglesoft Development Group Citation X 2.0 FS9 Easy CD Creator 5 Basic Easy DVD Rip Easy Internet Sign-up Easy Video Joiner 5.21 Easy Video Splitter 1.28 Eiresim Dublin 2009 Encode360 Enhanced Multimedia Keyboard Solution Expstudio Audio Editor FREE Fairies Family Feud FATE Fax FeelThere ERJ v.2 FeelThere PIC ERJ-145LR 1.0 FlightZone 02: Portland Flip Words Fly the MADDOG 2008 - Professional Edition Fly the MADDOG 2008 liveries Fokker 70-100 FREE Hi-Q Recorder 1.9 FS Online Center 2007 FS Online Center 2007 V2 FS Real Time v1.83 FS2Crew MD-11 UK & Eurozone Voice Set FS2Crew Start Center FS2Crew Start Center April 2009 FS2Crew: Flight1 ATR Edition FSAutoStart FSBuild 2 FSDreamTeam Ohare9 1.1.1 FSDreamTeam Zurich9 1.3 FSFDT FSCopilot FSFDT FSInn FSWXR2100 Version 1.4.1 GARMIN 500 Series Trainer GemMaster Mystic Google Toolbar for Internet Explorer Google Update Helper Google Updater Greatest Airliners: 727 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 10 (KB910393) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Driver Diagnostics HP DVD Play 2.1 HP Game Console HP Image Zone 4.2 HP Product Assistant HP PSC & OfficeJet 4.2 HP Rhapsody HP Solution Center and Imaging Support Tools 6.1 HP Update HP Web Helper HPODiscovery HPProductAssistant HpSdpAppCoreApp HPSystemDiagnostics HyperCam 2 iDailyDiary 3.41 Insaniquarium Deluxe InstantShare J2SE Runtime Environment 5.0 Update 5 Japanese Fonts Support For Adobe Reader 8 Java Auto Updater Java(tm) 6 Update 13 Java(tm) 6 Update 18 Java(tm) 6 Update 2 Java(tm) 6 Update 3 Java(tm) 6 Update 4 Java(tm) 6 Update 5 Java(tm) 6 Update 7 JeppView / JeppView FliteDeck Jewel Quest JustFlight 777 Professional K-Lite Codec Pack 3.3.0 Full KATL Atlanta KBWI2k5v2 KDEN Denver KEWR Newark KIND v1.1.1 2009 for FS9 KIND v1.1.1 for FS9 KLGA La Guardia KMCI Kansas City KMCO v1.1.1 for FS9 KMSP v1.1.1 for FS2004 LAGO Twin Otter Version 2.00 Legacy 'The Luxury Aircraft Collection' Level-D Simulations 767-300 Lexmark X1100 Series LightScribe 1.4.84.1 Logitech Audio Echo Cancellation Component Logitech ImageStudio LogMeIn LogMeIn Hamachi Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Magic ISO Maker v5.5 (build 0273) MagicDisc 2.7.106 Mah Jong Quest Malwarebytes' Anti-Malware Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Away Mode Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator 2004 A Century of Flight Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Money 2006 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Edition 60 Days Trial Welcome Tour Microsoft Office 97, Professional Edition Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.9 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 6.0 Professional Edition Microsoft WinUsb 1.0 Microsoft Works Microsoft XML Parser Mozilla Firefox (3.6) MSDN Library - Visual Studio 6.0a MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) muvee autoProducer 5.0 muvee autoProducer unPlugged 2.0 MyActiveAirSource Mystery Case Files Mz Ultimate Tweaker v5.9 Navigraph nDAC 3 NCalc 5.1.0 neroxml Netscape Browser (remove only) Netscape Navigator (9.0.0.3) NVIDIA Drivers NVIDIA nView Desktop Manager OpenOffice.org 3.1 Otto Overland OVT Scanner Payload_Planner PC-Doctor 5 for Windows PeerBlock 1.0.0 (r181) PerSono Pro PerSono Pro Install Photo DVD Maker Professional 6.51 PhotoGallery Pinnacle Instant DVD Recorder PMDG 747-400F GE Atlas PMDG 747-400F GE Polar Air Cargo PMDG 747-400F PW FedEx PMDG MD-11 FS9 PMDG747_400 Queen of the Skies PMDG747_400F PMDGMD11_FS9_GE_AA PMDGMD11_FS9_GE_CO PMDGMD11_FS9_GE_KL1 PMDGMD11_FS9_GE_NA PMDGMD11_FS9_GEF_FXF1 PMDGMD11_FS9_GEF_GRF2 PMDGMD11_FS9_GEF_LHF1 PMDGMD11_FS9_GEF_WOF1 PMDGMD11_FS9_PW_DL PMDGMD11_FS9_PW_DL1 PMDGMD11_FS9_PW_DL2 PMDGMD11_FS9_PW_DL3 PMDGMD11_FS9_PW_NW PMDGMD11_FS9_PW_UA2 PMDGMD11_FS9_PW_WO1 PMDGMD11_FS9_PW_WO2 PMDGMD11_FS9_PWF_5XF PMDGMD11_FS9_PWF_FXF PMDGMD11_FS9_PWF_WOF Poker Superstars Polar Bowler Polar Golfer PrintScreen proDAD Heroglyph 2.5 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder Quad Cities International Airport by M1DG Quicken 2006 QuickProjects QuickTime Readme Real Environment Xtreme FS2004 RealPlayer Realtek High Definition Audio Driver Registry Mechanic 9.0 Remove UK2000 Birmingham Xtreme files Revo Uninstaller Pro 2.1.1 Ricochet Lost Worlds Roger Wilco Saitek SST Programming Software Scan SCRABBLE SD40-2_Content_Update Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978706) SI Calendar 2009 Sim-Wings - Nice Cote d'Azur SkinsHP1 Skypeâ„¢ 4.1 Slingo Deluxe SmartSound Quicktracks Plugin Smith Designs KATL AFCAD Update Snowy The Bears Adventure SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Spybot - Search & Destroy Studio 10 Studio 10 Bonus DVD Studio 10.8 Patch Sumatra PDF reader Super Granny Symantec KB-DocID:2003093015493306 System Requirements Lab TBPB v1.1.1 for FS9 TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 TeamSpeak 3 Client Tennis Titans Text-o-Matic The FFS Saab 340 Base Installer The FFS Saab 340 Update Tornado Jockey Tradewinds TrayApp Trillian TurboTax Premier 2007 Ulead Disc-Direct SDK Ultimate Terrain - USA Uninstall OVT Scanner Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 Updates from HP (remove only) US ACARS 2.2 VAT-Spy VC80CRTRedist - 8.0.50727.4053 VCRedistSetup Version 1.0 VHHH Hong Kong FS2004 Viewpoint Media Player VRC Vuze WeatherBug WebFldrs XP WebReg Wee Tune Beastie Winamp Winamp Detector Plug-in Winamp Toolbar for Internet Explorer WinAVI Video Converter Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows Presentation Foundation Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinFast PVR WingMan Software Wings of Power: B17 Flying Fortress Wings of Power: P51D/H Mustang X-treme King Air B200 v.2.0.1 XML Paper Specification Shared Components Pack 1.0 XviD & MP3 Codec Pack (remove only) XviD 1.1 final uninstall Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Search Protection Yahoo! Software Update Yahoo! Toolbar Zune Zune Language Pack (DE) Zune Language Pack (ES) Zune Language Pack (FR) Zune Language Pack (IT) ==== Event Viewer Messages From Past Week ======== 3/9/2010 8:19:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 3/9/2010 8:16:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 ASPI32 cdudf_xp Fips ftsata2 PCLEPCI 3/9/2010 1:38:22 PM, error: SRService [104] - The System Restore initialization process failed. 3/9/2010 1:38:22 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified. 3/8/2010 3:07:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 3/8/2010 2:17:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 3/14/2010 9:22:32 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates. 3/14/2010 12:48:28 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00146C661794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 3/13/2010 4:18:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SamSs service. 3/13/2010 4:17:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ProtectedStorage service. 3/13/2010 4:16:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service. 3/13/2010 4:16:22 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service. 3/13/2010 4:10:22 AM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s). 3/13/2010 2:45:21 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1. 3/11/2010 12:17:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde 3/11/2010 12:17:24 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/11/2010 12:17:24 AM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/11/2010 12:15:55 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/11/2010 12:04:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 ASPI32 cdudf_xp Fips ftsata2 IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip WS2IFSL 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:04:04 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 3/11/2010 12:03:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 3/10/2010 8:10:35 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.FlightSimulator.SimConnect . Reference error message: The referenced assembly is not installed on your system. . 3/10/2010 8:10:35 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\HiFi\ASE\Microsoft.FlightSimulator.SimConnect.dll. Reference error message: The operation completed successfully. . 3/10/2010 8:10:35 PM, error: SideBySide [32] - Dependent Assembly Microsoft.FlightSimulator.SimConnect could not be found and Last Error was The referenced assembly is not installed on your system. 3/10/2010 10:32:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 ==== End Of File ===========================
  6. Ask.com toolbar was removed and the Acrobat reader is up to 9.3.1, and ATF cleaner cleaned under Main and Firefox ComboFix 10-03-08.02 - HP_Administrator 03/13/2010 16:21:34.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2496 [GMT -5:00] Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt . ((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 ))))))))))))))))))))))))))))))) . 2010-03-13 20:44 . 2010-03-13 20:44 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\VS Revo Group 2010-03-13 20:44 . 2009-12-30 16:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys 2010-03-13 20:44 . 2010-03-13 20:44 -------- d-----w- c:\program files\VS Revo Group 2010-03-13 16:13 . 2010-03-13 20:50 -------- d-----w- c:\program files\Ask.com 2010-03-13 16:13 . 2010-03-13 16:13 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AskSuperBar 2010-03-10 23:20 . 2010-03-12 04:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Real_Environment_Simulati 2010-03-10 23:14 . 2010-03-12 07:56 -------- d-----w- c:\program files\Real Environment Xtreme FS2004 2010-03-10 10:19 . 2010-03-10 10:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Registry Mechanic 2010-03-10 01:19 . 2010-03-10 01:19 -------- d-----w- C:\xp_exe_fix 2010-03-08 19:14 . 2010-03-08 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue 2010-03-07 22:35 . 2010-03-07 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESTsoft 2010-03-07 19:23 . 2010-03-07 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-07 19:23 . 2010-03-07 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-03-07 18:45 . 2010-03-07 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian 2010-03-07 08:06 . 2010-03-07 08:06 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-07 06:08 . 2010-03-07 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-03-07 05:54 . 2010-03-07 05:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-03-07 05:53 . 2010-03-07 05:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\teamspeak2 2010-03-07 05:13 . 2010-03-07 05:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2010-03-05 22:03 . 2010-03-05 22:04 -------- d-----w- c:\program files\NVIDIA Corporation 2010-03-05 22:02 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-03-05 22:02 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-02-28 18:31 . 2010-01-22 17:13 3858432 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll 2010-02-28 18:31 . 2010-01-22 16:49 8520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\ractrlkeyhook.dll 2010-02-28 18:31 . 2010-01-22 16:49 70984 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIProxyHelper.exe 2010-02-28 18:31 . 2010-01-22 16:46 574768 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardianDll.dll 2010-02-28 18:31 . 2010-01-22 16:46 15664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardianEvt.dll 2010-02-28 18:31 . 2010-01-22 16:46 83256 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardian.exe 2010-02-28 02:15 . 2010-02-28 02:15 15086 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{FB56079B-7D0C-4D1D-864A-09BA159CC31B}\ARPPRODUCTICON.exe 2010-02-23 00:04 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-02-23 00:01 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll 2010-02-23 00:01 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll 2010-02-23 00:01 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll 2010-02-23 00:01 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-13 21:17 . 2009-06-16 18:09 -------- d-----w- c:\program files\Trillian 2010-03-13 21:06 . 2008-07-10 22:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype 2010-03-13 21:01 . 2006-05-07 03:39 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-13 17:40 . 2009-07-30 19:09 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-03-13 16:37 . 2009-02-28 19:30 -------- d-----w- c:\program files\FSBuild 2010-03-13 15:49 . 2008-07-10 22:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM 2010-03-12 17:51 . 2007-08-24 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GRLevel3 2010-03-12 08:56 . 2010-01-22 03:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent 2010-03-12 08:56 . 2009-10-02 01:32 -------- d-----w- c:\program files\PeerBlock 2010-03-12 07:40 . 2009-12-15 07:24 -------- d-----w- c:\program files\MyActiveAirSource 2010-03-11 20:58 . 2008-06-15 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-03-10 10:19 . 2007-11-05 19:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-10 09:29 . 2010-01-22 03:44 -------- d-----w- c:\program files\uTorrent 2010-03-09 18:09 . 2006-05-07 03:30 67360 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-07 08:24 . 2006-05-07 03:58 -------- d-----w- c:\program files\Google 2010-03-07 07:49 . 2008-05-10 18:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-07 05:05 . 2007-08-24 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Plantronics 2010-03-06 04:14 . 2006-05-07 03:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-06 03:32 . 2010-02-05 01:01 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-02-28 02:15 . 2009-03-31 17:33 -------- d-----w- c:\program files\HiFi 2010-02-28 02:15 . 2009-03-31 17:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HiFi 2010-02-23 00:15 . 2010-02-23 00:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2010-02-23 00:13 . 2010-02-23 00:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2010-02-23 00:12 . 2010-02-23 00:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2010-02-23 00:07 . 2007-12-16 23:47 -------- d-----w- c:\program files\Zune 2010-02-23 00:04 . 2010-02-23 00:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2010-02-23 00:04 . 2010-02-23 00:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-10 19:51 . 2008-03-22 18:21 -------- d-----w- c:\program files\Winamp 2010-02-10 19:50 . 2010-02-10 19:50 -------- d-----w- c:\program files\Winamp Detect 2010-02-05 05:34 . 2008-07-20 15:55 -------- d-----w- c:\program files\DivX 2010-02-05 05:34 . 2010-02-05 05:34 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-02-05 00:59 . 2007-08-24 21:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\teamspeak2 2010-02-03 01:48 . 2010-02-03 01:48 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-01-27 05:27 . 2006-05-07 02:59 -------- d-----w- c:\program files\Common Files\Java 2010-01-27 05:27 . 2010-01-27 05:27 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\msvcp71.dll 2010-01-27 05:27 . 2010-01-27 05:27 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\jmc.dll 2010-01-27 05:27 . 2010-01-27 05:27 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\msvcr71.dll 2010-01-27 05:27 . 2010-01-27 05:27 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5718b33f-n\decora-sse.dll 2010-01-27 05:27 . 2010-01-27 05:27 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5718b33f-n\decora-d3d.dll 2010-01-27 05:27 . 2006-05-07 02:59 -------- d-----w- c:\program files\Java 2010-01-27 01:27 . 2009-08-18 00:16 -------- d-----w- c:\program files\LogMeIn 2010-01-27 01:25 . 2009-05-28 08:32 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-01-27 01:25 . 2009-05-28 08:32 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-01-27 01:25 . 2009-05-28 08:31 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-01-27 01:25 . 2008-10-17 00:35 11552 -c--a-w- c:\windows\system32\lmimirr2.dll 2010-01-27 01:25 . 2008-10-17 00:35 25248 -c--a-w- c:\windows\system32\lmimirr.dll 2010-01-26 18:14 . 2010-01-26 18:14 9662 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\ARPPRODUCTICON.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut5_B59B9F867A66400BA298B66073489B0E.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut4_D1E8A80CC3A24AAF8E30F5ABF53C6D0C.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut3_4DD4BB66BF1F4071BCF135B4A1993758.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut1_C8C9B4FBC9A546C7B2F9B5D62B43F31F.exe 2010-01-22 17:37 . 2007-08-31 04:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus 2010-01-22 02:16 . 2009-04-01 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-22 02:14 . 2009-05-27 18:28 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-12 04:03 . 2009-05-01 02:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03 . 2009-05-01 02:02 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03 . 2009-05-01 02:02 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03 . 2006-05-07 03:13 592488 -c--a-w- c:\windows\system32\nvudisp.exe 2010-01-12 04:03 . 2006-05-07 03:13 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03 . 2006-05-07 03:13 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03 . 2006-05-07 03:13 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03 . 2006-05-07 03:13 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03 . 2006-05-07 03:13 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03 . 2006-05-07 03:13 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-09 20:08 . 2010-01-09 20:08 10686001 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Azureus\plugins\azump\mplayer.exe 2010-01-07 21:07 . 2009-04-01 02:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2009-04-01 02:36 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2010-01-07 19:38 . 2010-01-07 19:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2010-01-07 19:22 . 2008-03-06 03:46 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2010-01-07 19:22 . 2008-03-06 03:46 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2010-01-07 19:22 . 2007-11-16 02:38 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys 2010-01-05 10:00 . 2004-08-10 04:00 832512 ------w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-10 04:00 353792 ------w- c:\windows\system32\drivers\srv.sys 2009-12-25 21:37 . 2009-12-25 21:37 6868368 ----a-w- c:\documents and settings\HP_Administrator\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe 2009-12-17 22:14 . 2008-11-25 00:59 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43 . 2004-08-10 04:00 343040 ------w- c:\windows\system32\mspaint.exe 2009-12-14 20:28 . 2009-12-14 20:28 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2009-12-14 20:28 . 2009-12-14 20:28 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll 2009-12-14 20:28 . 2009-12-14 20:28 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2009-12-14 07:08 . 2004-08-10 04:00 33280 ------w- c:\windows\system32\csrsrv.dll 2009-07-01 17:26 . 2009-07-01 17:22 127804 -c--a-w- c:\program files\Uninstal.exe 2009-05-26 02:30 . 2009-05-26 02:29 53411556 -c--a-w- c:\program files\FSBuild(2).zip 2009-03-02 21:00 . 2009-03-02 20:58 51688761 -c--a-w- c:\program files\FSBuild.zip 2008-07-23 03:37 . 2008-07-18 16:52 12095 -c--a-w- c:\program files\PaintInfo.txt 2002-07-26 22:02 . 2008-08-04 21:17 153088 ----a-w- c:\program files\UNWISE.EXE 2007-08-25 03:14 . 2007-08-25 03:14 90 -csh--w- c:\windows\cnerolf.dat 2008-12-23 01:10 . 2008-12-23 01:10 13560 -csha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( [email protected]_19.23.56 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-13 21:17 . 2010-03-13 21:17 16384 c:\windows\temp\Perflib_Perfdata_2d0.dat + 2010-03-10 23:18 . 2010-03-10 23:18 14534 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\SystemFolder_msiexec.exe + 2010-03-10 23:18 . 2010-03-10 23:18 12862 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\rexwxengine2.exe + 2010-03-10 23:18 . 2010-03-10 23:18 56834 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\rexupdate.exe + 2010-03-10 23:18 . 2010-03-10 23:18 12862 c:\windows\Installer\{46559469-7C15-49F4-BB76-21480BE1BEF4}\REX_icon.exe + 2004-08-10 04:00 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe - 2004-08-10 04:00 . 2008-04-14 00:12 3558912 c:\windows\system32\dllcache\moviemk.exe + 2010-03-10 23:18 . 2010-03-10 23:18 1489408 c:\windows\Installer\1a823b9.msi + 2010-03-13 21:03 . 2010-03-13 21:03 5527040 c:\windows\Installer\11a05e4.msp + 2010-03-13 21:01 . 2010-03-13 21:01 3940352 c:\windows\Installer\11a05d4.msi + 2009-10-28 01:34 . 2009-10-28 01:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll + 2007-08-26 12:37 . 2010-03-02 05:30 31648712 c:\windows\system32\MRT.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ trillian.exe.lnk - c:\program files\Trillian\trillian.exe [2010-2-10 1930592] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] Source= c:\pictures\ST4.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= c:\pictures\HH7.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2] Source= c:\pictures\LucyL.bmp FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3] Source= c:\pictures\LT.bmp FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4] Source= c:\pictures\friendstvposter010.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5] Source= C:\back.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6] Source= c:\pictures\Jennifer-Connelly_black and white_less_top.jpg FriendlyName= [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7] Source= c:\pictures\AJJ.bmp FriendlyName= [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-01-27 01:25 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1422:UDP"= 1422:UDP:Windows Media Format SDK (wmplayer.exe) "1423:UDP"= 1423:UDP:Windows Media Format SDK (wmplayer.exe) "1424:UDP"= 1424:UDP:Windows Media Format SDK (wmplayer.exe) R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [10/22/2007 12:27 AM 81356] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [5/28/2009 3:32 AM 47640] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2009 9:36 PM 236368] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/7/2010 3:06 AM 632792] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [10/22/2007 12:28 AM 39182] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [10/22/2007 12:28 AM 9804] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2009 9:36 PM 19160] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2007 12:44 PM 194304] R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [8/28/2005 8:04 PM 44032] R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [12/22/2007 8:21 PM 179968] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/4/2007 6:57 PM 716272] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/22/2009 2:40 AM 135664] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 6:44 PM 580992] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [10/1/2009 8:32 PM 14424] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [3/13/2010 3:44 PM 27064] S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [8/25/2007 12:23 PM 6085] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/6/2008 11:25 PM 24652] . Contents of the 'Scheduled Tasks' folder 2010-03-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-02 18:57] 2007-10-23 c:\windows\Tasks\Easy Internet Sign-up.job - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 02:23] 2010-03-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-24 17:28] 2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 07:40] 2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 07:40] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: turbotax.com FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.flightaware.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: content.notify.backoffcount - 5 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.cache.memory.capacity - 65536. - - - - ORPHANS REMOVED - - - - HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe SafeBoot-WudfPf SafeBoot-WudfRd ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-03-13 16:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(876) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(1336) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\mshtml.dll c:\windows\IME\SPGRMR.DLL c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL c:\windows\system32\LMIRfsClientNP.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\ImapiRoxPS.dll . Completion time: 2010-03-13 16:37:41 ComboFix-quarantined-files.txt 2010-03-13 21:37 ComboFix2.txt 2010-03-09 19:25 C:\DeQuarantine.txt Pre-Run: 39,015,411,712 bytes free Post-Run: 38,981,660,672 bytes free Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4 - - End Of File - - 397A0057D4D5CC3BCAA229119F1399BF c:\qoobox\quarantine\D\Autorun.inf.vir -> D:\Autorun.inf ( 53 bytes ) c:\qoobox\quarantine\D\Autorun.inf.vir -> D:\Autorun.inf ( 53 bytes ) The KAS and new DDS logs are coming
  7. This is the log from the last ComboFix scan ComboFix 10-03-08.02 - Administrator 03/09/2010 14:11:11.2.2 - x86 NETWORK Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\program files\MW c:\program files\MW\TGATool2\TGATool2A.exe c:\program files\MW\TGATool2\unins000.dat c:\program files\MW\TGATool2\unins000.exe c:\windows\msdsry.dll c:\windows\system32\afcipmqv.dll c:\windows\system32\amprxsvp.dll c:\windows\system32\bqtdelbv.dll c:\windows\system32\csgaculh.dll c:\windows\system32\ctaaxydk.dll c:\windows\system32\dbgrscjf.ini c:\windows\system32\dfchtjlk.dll c:\windows\system32\dihadhfg.dll c:\windows\system32\dlktcgnb.dll c:\windows\system32\emhuglsj.dll c:\windows\system32\facjcrtk.dll c:\windows\system32\fvkwqtqp.dll c:\windows\system32\guyvpcxv.dll c:\windows\system32\hbjqwhlu.dll c:\windows\system32\hdjsakmq.dll c:\windows\system32\iacgwyfr.dll c:\windows\system32\ieecqutb.dll c:\windows\system32\iiejcaoe.dll c:\windows\system32\irhmdijw.ini c:\windows\system32\itjmduff.dll c:\windows\system32\kqkwmcts.dll c:\windows\system32\lsvkmqat.dll c:\windows\system32\mhhvlmbe.dll c:\windows\system32\mvuafadv.dll c:\windows\system32\nkgevlum.dll c:\windows\system32\pbmccoam.dll c:\windows\system32\rmedsjjc.ini c:\windows\system32\rnnmpafy.dll c:\windows\system32\rolqruow.dll c:\windows\system32\rrjitvdt.dll c:\windows\system32\sufhwhyb.ini c:\windows\system32\unrqeeqa.dll c:\windows\system32\vovjvshp.ini c:\windows\system32\vpyudfyp.dll c:\windows\system32\vtoeeqdc.dll c:\windows\system32\xeitxvbx.dll c:\windows\system32\yhaqycqr.dll D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 ))))))))))))))))))))))))))))))) . 2010-03-08 19:14 . 2010-03-08 19:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue 2010-03-07 22:35 . 2010-03-07 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\ESTsoft 2010-03-07 19:23 . 2010-03-07 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-03-07 19:23 . 2010-03-07 19:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-03-07 18:45 . 2010-03-07 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trillian 2010-03-07 08:06 . 2010-03-07 08:06 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-07 06:08 . 2010-03-07 06:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2010-03-07 05:54 . 2010-03-07 05:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-03-07 05:53 . 2010-03-07 05:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\teamspeak2 2010-03-07 05:13 . 2010-03-07 05:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-03-05 22:03 . 2010-03-05 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2010-03-05 22:03 . 2010-03-05 22:04 -------- d-----w- c:\program files\NVIDIA Corporation 2010-03-05 22:02 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-03-05 22:02 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-02-28 18:31 . 2010-01-22 17:13 3858432 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll 2010-02-28 18:31 . 2010-01-22 16:49 8520 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\ractrlkeyhook.dll 2010-02-28 18:31 . 2010-01-22 16:49 70984 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIProxyHelper.exe 2010-02-28 18:31 . 2010-01-22 16:46 574768 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardianDll.dll 2010-02-28 18:31 . 2010-01-22 16:46 15664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardianEvt.dll 2010-02-28 18:31 . 2010-01-22 16:46 83256 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ichlw2ku.default\extensions\[email protected]\plugins\LMIGuardian.exe 2010-02-28 02:15 . 2010-02-28 02:15 15086 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{FB56079B-7D0C-4D1D-864A-09BA159CC31B}\ARPPRODUCTICON.exe 2010-02-23 00:04 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-02-23 00:01 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll 2010-02-23 00:01 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll 2010-02-23 00:01 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll 2010-02-23 00:01 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll 2010-02-10 19:50 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll 2010-02-10 19:50 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll 2010-02-10 19:50 . 2010-02-10 19:50 -------- d-----w- c:\windows\Logs 2010-02-10 19:50 . 2010-02-10 19:50 -------- d-----w- c:\program files\Winamp Detect . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-09 18:09 . 2006-05-07 03:30 67360 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-09 17:44 . 2007-11-05 19:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-03-08 20:08 . 2009-02-28 19:30 -------- d-----w- c:\program files\FSBuild 2010-03-07 19:55 . 2008-06-15 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-03-07 18:46 . 2009-06-16 18:09 -------- d-----w- c:\program files\Trillian 2010-03-07 08:24 . 2006-05-07 03:58 -------- d-----w- c:\program files\Google 2010-03-07 07:49 . 2008-05-10 18:17 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-03-07 07:33 . 2009-07-30 19:09 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-03-07 05:09 . 2008-07-10 22:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype 2010-03-07 05:05 . 2010-01-22 03:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent 2010-03-07 05:05 . 2009-10-02 01:32 -------- d-----w- c:\program files\PeerBlock 2010-03-07 05:05 . 2007-08-24 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Plantronics 2010-03-07 05:02 . 2008-07-10 22:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM 2010-03-06 04:14 . 2006-05-07 03:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-03-06 03:32 . 2010-02-05 01:01 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-03-05 07:09 . 2010-01-22 03:44 -------- d-----w- c:\program files\uTorrent 2010-03-04 09:06 . 2009-12-15 07:24 -------- d-----w- c:\program files\MyActiveAirSource 2010-02-28 02:15 . 2009-03-31 17:33 -------- d-----w- c:\program files\HiFi 2010-02-28 02:15 . 2009-03-31 17:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HiFi 2010-02-23 00:15 . 2010-02-23 00:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2010-02-23 00:13 . 2010-02-23 00:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2010-02-23 00:12 . 2010-02-23 00:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2010-02-23 00:07 . 2007-12-16 23:47 -------- d-----w- c:\program files\Zune 2010-02-23 00:04 . 2010-02-23 00:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2010-02-23 00:04 . 2010-02-23 00:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-10 19:51 . 2008-03-22 18:21 -------- d-----w- c:\program files\Winamp 2010-02-05 05:34 . 2008-07-20 15:55 -------- d-----w- c:\program files\DivX 2010-02-05 05:34 . 2010-02-05 05:34 -------- d-----w- c:\program files\Common Files\DivX Shared 2010-02-05 00:59 . 2007-08-24 21:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\teamspeak2 2010-02-03 01:48 . 2010-02-03 01:48 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-01-27 05:27 . 2006-05-07 02:59 -------- d-----w- c:\program files\Common Files\Java 2010-01-27 05:27 . 2010-01-27 05:27 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\msvcp71.dll 2010-01-27 05:27 . 2010-01-27 05:27 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\jmc.dll 2010-01-27 05:27 . 2010-01-27 05:27 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-39c22ea2-n\msvcr71.dll 2010-01-27 05:27 . 2010-01-27 05:27 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5718b33f-n\decora-sse.dll 2010-01-27 05:27 . 2010-01-27 05:27 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5718b33f-n\decora-d3d.dll 2010-01-27 05:27 . 2006-05-07 02:59 -------- d-----w- c:\program files\Java 2010-01-27 01:27 . 2009-08-18 00:16 -------- d-----w- c:\program files\LogMeIn 2010-01-27 01:25 . 2009-05-28 08:32 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-01-27 01:25 . 2009-05-28 08:32 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-01-27 01:25 . 2009-05-28 08:31 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-01-27 01:25 . 2008-10-17 00:35 11552 -c--a-w- c:\windows\system32\lmimirr2.dll 2010-01-27 01:25 . 2008-10-17 00:35 25248 -c--a-w- c:\windows\system32\lmimirr.dll 2010-01-26 18:14 . 2010-01-26 18:14 9662 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\ARPPRODUCTICON.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut5_B59B9F867A66400BA298B66073489B0E.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut4_D1E8A80CC3A24AAF8E30F5ABF53C6D0C.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut3_4DD4BB66BF1F4071BCF135B4A1993758.exe 2010-01-26 18:14 . 2010-01-26 18:14 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{78456F0E-278E-4C0D-8B64-2B0151248CA3}\NewShortcut1_C8C9B4FBC9A546C7B2F9B5D62B43F31F.exe 2010-01-26 17:42 . 2007-08-24 21:47 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GRLevel3 2010-01-22 17:37 . 2007-08-31 04:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus 2010-01-22 02:16 . 2009-04-01 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-22 02:14 . 2009-05-27 18:28 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-12 04:03 . 2009-05-01 02:02 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03 . 2009-05-01 02:02 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03 . 2009-05-01 02:02 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03 . 2008-05-16 18:01 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03 . 2006-05-07 03:13 592488 -c--a-w- c:\windows\system32\nvudisp.exe 2010-01-12 04:03 . 2006-05-07 03:13 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03 . 2006-05-07 03:13 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03 . 2006-05-07 03:13 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03 . 2006-05-07 03:13 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03 . 2006-05-07 03:13 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03 . 2006-05-07 03:13 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-01-12 03:17 . 2010-01-12 03:17 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 03:17 . 2010-01-12 03:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 03:17 . 2010-01-12 03:17 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 03:17 . 2010-01-12 03:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 03:17 . 2010-01-12 03:17 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 03:17 . 2010-01-12 03:17 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-09 20:08 . 2010-01-09 20:08 10686001 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Azureus\plugins\azump\mplayer.exe 2010-01-09 20:06 . 2007-08-31 04:03 -------- d-----w- c:\program files\Azureus 2010-01-07 21:07 . 2009-04-01 02:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2009-04-01 02:36 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 19:38 . 2010-01-07 19:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2010-01-07 19:38 . 2010-01-07 19:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2010-01-07 19:22 . 2010-01-07 19:22 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2010-01-07 19:22 . 2010-01-07 19:22 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2010-01-07 19:22 . 2010-01-07 19:22 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2010-01-07 19:22 . 2010-01-07 19:22 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2010-01-07 19:22 . 2008-03-06 03:46 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2010-01-07 19:22 . 2008-03-06 03:46 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2010-01-07 19:22 . 2007-11-16 02:38 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys 2010-01-05 10:00 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2004-08-10 04:00 17408 ------w- c:\windows\system32\corpol.dll 2009-12-31 16:50 . 2004-08-10 04:00 353792 ------w- c:\windows\system32\drivers\srv.sys 2009-12-25 21:37 . 2009-12-25 21:37 6868368 ----a-w- c:\documents and settings\HP_Administrator\Application Data\ESTsoft\ALUpdate\ALZIP\newfile\TEMP\ALZip.exe 2009-12-17 22:14 . 2008-11-25 00:59 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43 . 2004-08-10 04:00 343040 ------w- c:\windows\system32\mspaint.exe 2009-12-14 20:28 . 2009-12-14 20:28 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2009-12-14 20:28 . 2009-12-14 20:28 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll 2009-12-14 20:28 . 2009-12-14 20:28 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2009-12-14 07:08 . 2004-08-10 04:00 33280 ------w- c:\windows\system32\csrsrv.dll 2009-12-10 08:29 . 2007-08-24 17:34 67360 -c--a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-01 17:26 . 2009-07-01 17:22 127804 -c--a-w- c:\program files\Uninstal.exe 2009-05-26 02:30 . 2009-05-26 02:29 53411556 -c--a-w- c:\program files\FSBuild(2).zip 2009-03-02 21:00 . 2009-03-02 20:58 51688761 -c--a-w- c:\program files\FSBuild.zip 2008-07-23 03:37 . 2008-07-18 16:52 12095 -c--a-w- c:\program files\PaintInfo.txt 2002-07-26 22:02 . 2008-08-04 21:17 153088 ----a-w- c:\program files\UNWISE.EXE 2007-08-25 03:14 . 2007-08-25 03:14 90 -csh--w- c:\windows\cnerolf.dat 2008-12-23 01:10 . 2008-12-23 01:10 13560 -csha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingD701"="del" [X] "SpybotDeletingD1424"="del" [X] "SpybotDeletingD3325"="del" [X] "SpybotDeletingD9346"="del" [X] "SpybotDeletingD1520"="del" [X] "SpybotDeletingD4746"="del" [X] "SpybotDeletingD6671"="del" [X] "SpybotDeletingD8119"="del" [X] "SpybotDeletingD1193"="del" [X] "SpybotDeletingD8277"="del" [X] "SpybotDeletingD2379"="del" [X] "SpybotDeletingD8847"="del" [X] "SpybotDeletingD8417"="del" [X] "SpybotDeletingD6307"="del" [X] "SpybotDeletingD6390"="del" [X] "SpybotDeletingD1084"="del" [X] "SpybotDeletingD1415"="del" [X] "SpybotDeletingD6092"="del" [X] "SpybotDeletingD2694"="del" [X] "SpybotDeletingD1215"="del" [X] "SpybotDeletingD2671"="del" [X] "SpybotDeletingD3410"="del" [X] "SpybotDeletingD1825"="del" [X] "SpybotDeletingD1763"="del" [X] "SpybotDeletingD1286"="del" [X] "SpybotDeletingD6114"="del" [X] "SpybotDeletingD276"="del" [X] "SpybotDeletingD5596"="del" [X] "SpybotDeletingD4977"="del" [X] "SpybotDeletingD6127"="del" [X] "SpybotDeletingD4088"="del" [X] "SpybotDeletingD8700"="del" [X] "SpybotDeletingD3497"="del" [X] "SpybotDeletingD2564"="del" [X] "SpybotDeletingD9785"="del" [X] "SpybotDeletingD4433"="del" [X] "SpybotDeletingD4308"="del" [X] "SpybotDeletingD2321"="del" [X] "SpybotDeletingD9796"="del" [X] "SpybotDeletingD7386"="del" [X] "SpybotDeletingD6274"="del" [X] "SpybotDeletingD835"="del" [X] "SpybotDeletingD2409"="del" [X] "SpybotDeletingD7823"="del" [X] "SpybotDeletingD2499"="del" [X] "SpybotDeletingD869"="del" [X] "SpybotDeletingD4862"="del" [X] "SpybotDeletingD654"="del" [X] "SpybotDeletingD4168"="del" [X] "SpybotDeletingD6001"="del" [X] "SpybotDeletingD657"="del" [X] "SpybotDeletingD2387"="del" [X] "SpybotDeletingD6709"="del" [X] "SpybotDeletingD7834"="del" [X] "SpybotDeletingD7721"="del" [X] "SpybotDeletingD7087"="del" [X] "SpybotDeletingD3211"="del" [X] "SpybotDeletingD4705"="del" [X] "SpybotDeletingD6486"="del" [X] "SpybotDeletingD730"="del" [X] "SpybotDeletingD4516"="del" [X] "SpybotDeletingD4440"="del" [X] "UniblueRegistryBooster"="launcher.exe delay 20000" [X] "SpybotDeletingB2481"="command.com" [2004-08-10 50620] "SpybotDeletingB5703"="command.com" [2004-08-10 50620] "SpybotDeletingB6306"="command.com" [2004-08-10 50620] "SpybotDeletingB1407"="command.com" [2004-08-10 50620] "SpybotDeletingB1299"="command.com" [2004-08-10 50620] "SpybotDeletingB375"="command.com" [2004-08-10 50620] "SpybotDeletingB4377"="command.com" [2004-08-10 50620] "SpybotDeletingB7013"="command.com" [2004-08-10 50620] "SpybotDeletingB4589"="command.com" [2004-08-10 50620] "SpybotDeletingB4816"="command.com" [2004-08-10 50620] "SpybotDeletingB7921"="command.com" [2004-08-10 50620] "SpybotDeletingB8618"="command.com" [2004-08-10 50620] "SpybotDeletingB8111"="command.com" [2004-08-10 50620] "SpybotDeletingB5489"="command.com" [2004-08-10 50620] "SpybotDeletingB7653"="command.com" [2004-08-10 50620] "SpybotDeletingB1329"="command.com" [2004-08-10 50620] "SpybotDeletingB7323"="command.com" [2004-08-10 50620] "SpybotDeletingB4092"="command.com" [2004-08-10 50620] "SpybotDeletingB9095"="command.com" [2004-08-10 50620] "SpybotDeletingB1907"="command.com" [2004-08-10 50620] "SpybotDeletingB3382"="command.com" [2004-08-10 50620] "SpybotDeletingB3863"="command.com" [2004-08-10 50620] "SpybotDeletingB4933"="command.com" [2004-08-10 50620] "SpybotDeletingB4468"="command.com" [2004-08-10 50620] "SpybotDeletingB8871"="command.com" [2004-08-10 50620] "SpybotDeletingB9233"="command.com" [2004-08-10 50620] "SpybotDeletingB7967"="command.com" [2004-08-10 50620] "SpybotDeletingB9464"="command.com" [2004-08-10 50620] "SpybotDeletingB8409"="command.com" [2004-08-10 50620] "SpybotDeletingB2191"="command.com" [2004-08-10 50620] "SpybotDeletingB8795"="command.com" [2004-08-10 50620] "SpybotDeletingB5692"="command.com" [2004-08-10 50620] "SpybotDeletingB5844"="command.com" [2004-08-10 50620] "SpybotDeletingB768"="command.com" [2004-08-10 50620] "SpybotDeletingB7100"="command.com" [2004-08-10 50620] "SpybotDeletingB5654"="command.com" [2004-08-10 50620] "SpybotDeletingB2454"="command.com" [2004-08-10 50620] "SpybotDeletingB3789"="command.com" [2004-08-10 50620] "SpybotDeletingB8095"="command.com" [2004-08-10 50620] "SpybotDeletingB7200"="command.com" [2004-08-10 50620] "SpybotDeletingB9899"="command.com" [2004-08-10 50620] "SpybotDeletingB9237"="command.com" [2004-08-10 50620] "SpybotDeletingB7308"="command.com" [2004-08-10 50620] "SpybotDeletingB4448"="command.com" [2004-08-10 50620] "SpybotDeletingB930"="command.com" [2004-08-10 50620] "SpybotDeletingB6428"="command.com" [2004-08-10 50620] "SpybotDeletingB6501"="command.com" [2004-08-10 50620] "SpybotDeletingB7280"="command.com" [2004-08-10 50620] "SpybotDeletingB1580"="command.com" [2004-08-10 50620] "SpybotDeletingB7397"="command.com" [2004-08-10 50620] "SpybotDeletingB1993"="command.com" [2004-08-10 50620] "SpybotDeletingB3330"="command.com" [2004-08-10 50620] "SpybotDeletingB4781"="command.com" [2004-08-10 50620] "SpybotDeletingB2530"="command.com" [2004-08-10 50620] "SpybotDeletingB7622"="command.com" [2004-08-10 50620] "SpybotDeletingB8440"="command.com" [2004-08-10 50620] "SpybotDeletingB7956"="command.com" [2004-08-10 50620] "SpybotDeletingB8478"="command.com" [2004-08-10 50620] "SpybotDeletingB9533"="command.com" [2004-08-10 50620] "SpybotDeletingB7635"="command.com" [2004-08-10 50620] "SpybotDeletingB1929"="command.com" [2004-08-10 50620] "SpybotDeletingB3722"="command.com" [2004-08-10 50620] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2010-01-27 01:25 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"= "c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1422:UDP"= 1422:UDP:Windows Media Format SDK (wmplayer.exe) "1423:UDP"= 1423:UDP:Windows Media Format SDK (wmplayer.exe) "1424:UDP"= 1424:UDP:Windows Media Format SDK (wmplayer.exe) R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-05-08 716272] R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2003-09-29 81356] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 135664] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-03-07 632792] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2003-09-29 39182] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys [2003-09-29 9804] R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160] R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 14424] R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [2003-01-07 6085] R4 LMIRfsClientNP;LMIRfsClientNP; [x] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-02-07 194304] S3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\DRIVERS\rxpvbus.sys [2005-08-29 44032] S3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [2006-06-08 179968] . Contents of the 'Scheduled Tasks' folder 2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-02 18:57] 2007-10-23 c:\windows\Tasks\Easy Internet Sign-up.job - c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 02:23] 2010-03-09 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-24 17:28] 2010-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 07:40] 2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-22 07:40] 2010-03-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\Supertoolbar\UpdateTask.exe [2008-10-21 16:13] . . ------- Supplementary Scan ------- . Trusted Zone: trymedia.com FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uezoizsg.default\ FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - HKLM-Run-PCDrProfiler - (no file) AddRemove-A310 The Master's Edition v1.5 Update - 0:\program files\Microsoft Games\Flight Simulator 9\A310.Patch.1.5.Uninstal.exe AddRemove-FlightSim Commander - c:\progra~1\FSC\UNWISE.EXE AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe AddRemove-TGATool2A_is1 - c:\program files\MW\TGATool2\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-03-09 14:23 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(684) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(560) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Completion time: 2010-03-09 14:25:39 ComboFix-quarantined-files.txt 2010-03-09 19:25 Pre-Run: 49,533,763,584 bytes free Post-Run: 49,485,242,368 bytes free Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4 - - End Of File - - 6A99710ACFCBCB1B2C74DC28C1583A2D I use Adobe Acrobat for any PDF, creations/edits/converstions. I attempted to remove the Ask.com Toolbar, but get an error with the Add/Remove method, is there a manual method of removing it?
  8. DDS (Ver_09-12-01.01) - NTFSx86 Run by HP_Administrator at 4:26:12.46 on Sat 03/13/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3006.2479 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AWS\WeatherBug\Weather.exe C:\Program Files\Trillian\trillian.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Administrator\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: {00000000-0000-0000-0000-000000000000} - No File TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1 mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\trilli~1.lnk - c:\program files\trillian\trillian.exe IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 Trusted Zone: turbotax.com Trusted Zone: trymedia.com DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: LMIinit - LMIinit.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfoforum.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\ichlw2ku.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - prefs.js: browser.search.selectedEngine - AIM Search FF - prefs.js: browser.startup.homepage - hxxp://www.flightaware.com/ FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query= FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\ichlw2ku.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: content.notify.backoffcount - 5 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.cache.memory.capacity - 65536c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2007-10-22 81356] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-28 47640] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-31 236368] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-3-7 632792] R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2007-10-22 39182] R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2007-10-22 9804] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-31 19160] R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2007-8-24 194304] R3 rxpvbus;Reality XP Avionics Bus Driver;c:\windows\system32\drivers\rxpvbus.sys [2005-8-28 44032] R3 SaiH0763;SaiH0763;c:\windows\system32\drivers\SaiH0763.sys [2007-12-22 179968] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664] S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992] S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-10-1 14424] S3 WFIOCTL;WFIOCTL;c:\program files\winfast\wftvfm\WFIOCTL.sys [2007-8-25 6085] S4 LMIRfsClientNP;LMIRfsClientNP; [x] S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-6 1247600] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-6 24652] =============== Created Last 30 ================ 2010-03-12 06:28:27 152628 ----a-w- C:\-2010-mar-12-002.jpg 2010-03-12 06:20:35 110246 ----a-w- C:\Near MMPR at FL330.jpg 2010-03-10 23:14:51 0 d-----w- c:\program files\Real Environment Xtreme FS2004 2010-03-10 10:19:08 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Registry Mechanic 2010-03-10 01:19:31 0 d-----w- C:\xp_exe_fix 2010-03-09 18:38:22 98816 ----a-w- c:\windows\sed.exe 2010-03-09 18:38:22 77312 ----a-w- c:\windows\MBR.exe 2010-03-09 18:38:22 261632 ----a-w- c:\windows\PEV.exe 2010-03-09 18:38:22 161792 ----a-w- c:\windows\SWREG.exe 2010-03-07 19:23:38 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-03-07 19:23:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-03-07 08:06:50 880640 ----a-w- c:\windows\system32\UniBox10.ocx 2010-03-07 08:06:50 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx 2010-03-07 08:06:50 1101824 ----a-w- c:\windows\system32\UniBox210.ocx 2010-03-07 08:06:49 0 d-----w- c:\program files\common files\PC Tools 2010-03-06 23:09:24 10012 ----a-w- C:\Alaska Airlines And Horizon Air Routes.xlsx 2010-03-06 22:21:51 139809 ----a-w- C:\ASAconcorde.jpg 2010-03-06 06:43:05 787508 ----a-w- C:\dh8400_main.bmp 2010-03-05 22:03:44 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation 2010-03-05 22:03:32 0 d-----w- c:\program files\NVIDIA Corporation 2010-03-05 22:02:49 9047 ----a-w- c:\windows\system32\nvinfo.pb 2010-03-05 22:02:49 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-03-05 22:02:46 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-03-01 17:50:56 15015 ----a-w- C:\EPRtable.odt 2010-02-23 00:15:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf 2010-02-23 00:13:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf 2010-02-23 00:12:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf 2010-02-23 00:04:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf 2010-02-23 00:04:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf 2010-02-23 00:04:36 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll 2010-02-23 00:01:24 465920 ------w- c:\windows\system32\imapi2fs.dll 2010-02-23 00:01:24 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll 2010-02-23 00:01:24 317952 ------w- c:\windows\system32\imapi2.dll 2010-02-23 00:01:24 317952 ------w- c:\windows\system32\dllcache\imapi2.dll 2010-02-11 18:36:50 104264 ----a-w- C:\minidog.JPG ==================== Find3M ==================== 2010-01-27 01:25:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll 2010-01-27 01:25:33 87352 ----a-w- c:\windows\system32\LMIinit.dll 2010-01-27 01:25:33 28984 ----a-w- c:\windows\system32\LMIport.dll 2010-01-27 01:25:33 25248 -c--a-w- c:\windows\system32\lmimirr.dll 2010-01-27 01:25:33 11552 -c--a-w- c:\windows\system32\lmimirr2.dll 2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03:33 592488 -c--a-w- c:\windows\system32\nvudisp.exe 2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll 2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03:33 10276768 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys 2010-01-12 03:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll 2010-01-12 03:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe 2010-01-12 03:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe 2010-01-12 03:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll 2010-01-12 03:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-01-12 03:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll 2010-01-07 19:38:18 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe 2010-01-07 19:38:10 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe 2010-01-07 19:22:04 74240 ----a-w- c:\windows\system32\ZuneUsbTransport.dll 2010-01-07 19:22:04 57344 ----a-w- c:\windows\system32\ZuneRegUtil.dll 2010-01-07 19:22:04 310784 ----a-w- c:\windows\system32\ZuneNetProxy.dll 2010-01-07 19:22:04 18944 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll 2010-01-07 19:22:04 147456 ----a-w- c:\windows\system32\ZuneMTPZ.dll 2010-01-07 19:22:04 12800 ----a-w- c:\windows\system32\ZunePTDNS.dll 2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys 2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-12-18 13:05:43 634648 ------w- c:\windows\system32\dllcache\iexplore.exe 2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-12-17 22:14:00 411368 -c--a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe 2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe 2009-12-14 20:28:52 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll 2009-12-14 20:28:52 1837296 ----a-w- c:\windows\system32\WUDFUpdate_01009.dll 2009-12-14 20:28:50 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll 2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll 2009-07-01 17:26:19 127804 -c--a-w- c:\program files\Uninstal.exe 2009-05-26 02:30:44 53411556 -c--a-w- c:\program files\FSBuild(2).zip 2009-03-02 21:00:23 51688761 -c--a-w- c:\program files\FSBuild.zip 2008-07-23 03:37:38 12095 -c--a-w- c:\program files\PaintInfo.txt 2002-07-26 22:02:06 153088 ----a-w- c:\program files\UNWISE.EXE 2007-08-25 03:14:21 90 -csh--w- c:\windows\cnerolf.dat 2008-12-23 01:10:50 13560 -csha-w- c:\windows\system32\KGyGaAvL.sys 2009-04-01 05:32:59 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040120090402\index.dat ============= FINISH: 4:27:06.45 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 8/24/2007 1:33:11 PM System Uptime: 3/13/2010 4:23:13 AM (0 hours ago) Motherboard: ASUSTek Computer INC. | | NAGAMI2 Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2004/199mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 224 GiB total, 36.95 GiB free. D: is FIXED (FAT32) - 9 GiB total, 0.444 GiB free. E: is CDROM () G: is Removable H: is Removable I: is Removable J: is Removable Z: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NVIDIA nForce Networking Controller Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01 Manufacturer: NVIDIA Name: NVIDIA nForce Networking Controller PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&180DF4C5&0&01 Service: NVENETFD ==== System Restore Points =================== RP1: 3/9/2010 1:55:31 PM - System Checkpoint RP2: 3/10/2010 5:54:30 PM - System Checkpoint RP3: 3/10/2010 6:14:43 PM - Installed Real Environment Xtreme FS2004 RP4: 3/11/2010 3:00:20 AM - Software Distribution Service 3.0 RP5: 3/12/2010 5:05:58 AM - System Checkpoint ==== Installed Programs ====================== Flight One Software Meridian 2004 µTorrent 737-300 Pilot in Command 737 Pilot in Command - 400/500 Upgrade ABBYY FineReader 5.0 Sprint AceIt v1.3.1 Active AirSource v3.27 Active Camera 2004 fix version 2.1 (FS9.0) Active Camera 2004 version 2.1 for FS 9.0 Active Sky Advanced Active Sky Evolution [email protected] ISO Burner v 1.1 Adobe Acrobat 7.0 Professional Adobe Acrobat 7.1.0 Professional Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 8.1.4 aerosoft's - AES-Base&&AirportPack - FS2004 aerosoft's - Brussels 2007 aerosoft's - Commuter Airliners (Eurowings 2004) aerosoft's - London Heathrow 2008 aerosoft's - Mega Airport Frankfurt - FS2004 aerosoft's - Paris CDG 2005 - FS2004 aerosoft's - Piper Cheyenne Aeroworx X-treme King Air B200 v.2.1 Update Aeroworx X-treme King Air B200 v.2.2 Patch Agere Systems PCI-SV92PP Soft Modem AIM 6 AIM Toolbar AiO_Scan AiOSoftware Airbus Series Vol.1 (FS2004) Airbus Series Vol.1 Deluxe Upgrade (FS2004) Airbus Vol 1 Call 1.0 Airline Pack E-170 FS9/FSX (version 1.1) Alien Outbreak 2 ALMATY9 V2.0 ALUpdate ALZip Ancient Sudoku AnswerWorks 4.0 Runtime - English Apple Software Update ArcSoft PhotoImpression 6 Ariane Boeing 737-700 Ng V3 Ariane Boeing 737-800 Ng V3 Ariane Boeing 737-900 ER NavDATA Ariane Boeing 737-Ng NavDATA Ask.com Toolbar ATC Career Prep Software Suite Audacity 1.2.6 AudibleManager Auto Updater AutoUpdate Bejeweled 2 Deluxe Big Kahuna Reef Blackhawk Striker 2 Blasterball 2 Remix Blasterball 2 Revolution Boeing 737-600 Ng Splash & Backgrounds Boeing 737-900 Ng CFM56 7b 26 SOUND PART ONE Boeing 737-900 Ng CFM56 7b 26 SOUND PART TWO Boeing 757 Professional 2006 Bookworm Deluxe Bounce Symphony BufferChm Cancun_2005 Carenado C 152 II CCleaner (remove only) Chuzzle Deluxe Class_50_Content_Update CLOUD9 LosAngeles 1.01 CLOUD9 Washington 1.01 Copy CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CRJ Experience CRJ New Generation CueTour Customer Experience Enhancement CYWG (Winnipeg Int Airport) V1.01 for FS2004 Dallas Delta Virtual Airlines ACARS Delta Virtual Airlines ACARS (beta) 2.2 Delta Virtual Airlines ACARS 2.2 Delta Virtual Airlines DC-6 (FS2004) Delta Virtual Airlines DC-8 (FS2004) Destinations Digital Aviation's - Dornier Do-27 Diner Dash DISCover DivX DivX Plus Web Player DocProc DocumentViewer Download Updater (AOL LLC) DVD and CD Designer DVD Burning Xpress 3.30 E-Jets Series (FS2004) Eaglesoft Development Group Citation X 2.0 FS9 Easy CD Creator 5 Basic Easy DVD Rip Easy Internet Sign-up Easy Video Joiner 5.21 Easy Video Splitter 1.28 Eiresim Dublin 2009 Encode360 Enhanced Multimedia Keyboard Solution Expstudio Audio Editor FREE Fairies Family Feud FATE Fax FeelThere ERJ v.2 FeelThere PIC ERJ-145LR 1.0 FlightZone 02: Portland Flip Words Fly the MADDOG 2008 - Professional Edition Fly the MADDOG 2008 liveries Fokker 70-100 FREE Hi-Q Recorder 1.9 FS Online Center 2007 FS Online Center 2007 V2 FS Real Time v1.83 FS2Crew MD-11 UK & Eurozone Voice Set FS2Crew Start Center FS2Crew Start Center April 2009 FS2Crew: Flight1 ATR Edition FSAutoStart FSBuild 2 FSDreamTeam Ohare9 1.1.1 FSDreamTeam Zurich9 1.3 FSFDT FSCopilot FSFDT FSInn FSWXR2100 Version 1.4.1 GARMIN 500 Series Trainer GemMaster Mystic Google Toolbar for Internet Explorer Google Update Helper Google Updater Greatest Airliners: 727 High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 10 (KB910393) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB932716-v2) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) HP Boot Optimizer HP Deskjet Printer Preload HP DigitalMedia Archive HP Driver Diagnostics HP DVD Play 2.1 HP Game Console HP Image Zone 4.2 HP Product Assistant HP PSC & OfficeJet 4.2 HP Rhapsody HP Solution Center and Imaging Support Tools 6.1 HP Update HP Web Helper HPODiscovery HPProductAssistant HpSdpAppCoreApp HPSystemDiagnostics HyperCam 2 iDailyDiary 3.41 Insaniquarium Deluxe InstantShare J2SE Runtime Environment 5.0 Update 5 Japanese Fonts Support For Adobe Reader 8 Java Auto Updater Java(tm) 6 Update 13 Java(tm) 6 Update 18 Java(tm) 6 Update 2 Java(tm) 6 Update 3 Java(tm) 6 Update 4 Java(tm) 6 Update 5 Java(tm) 6 Update 7 JeppView / JeppView FliteDeck Jewel Quest JustFlight 777 Professional K-Lite Codec Pack 3.3.0 Full KATL Atlanta KBWI2k5v2 KDEN Denver KEWR Newark KIND v1.1.1 2009 for FS9 KIND v1.1.1 for FS9 KLGA La Guardia KMCI Kansas City KMCO v1.1.1 for FS9 KMSP v1.1.1 for FS2004 LAGO Twin Otter Version 2.00 Legacy 'The Luxury Aircraft Collection' Level-D Simulations 767-300 Lexmark X1100 Series LightScribe 1.4.84.1 Logitech Audio Echo Cancellation Component Logitech ImageStudio LogMeIn LogMeIn Hamachi Macromedia Dreamweaver 8 Macromedia Extension Manager Macromedia Fireworks 8 Macromedia Flash 8 Macromedia Flash 8 Video Encoder Magic ISO Maker v5.5 (build 0273) MagicDisc 2.7.106 Mah Jong Quest Malwarebytes' Anti-Malware Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Away Mode Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator 2004 A Century of Flight Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Money 2006 Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Edition 60 Days Trial Welcome Tour Microsoft Office 97, Professional Edition Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.9 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 6.0 Professional Edition Microsoft WinUsb 1.0 Microsoft Works Microsoft XML Parser Mozilla Firefox (3.5.8) MSDN Library - Visual Studio 6.0a MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB954459) muvee autoProducer 5.0 muvee autoProducer unPlugged 2.0 MyActiveAirSource Mystery Case Files Mz Ultimate Tweaker v5.9 Navigraph nDAC 3 NCalc 5.1.0 neroxml Netscape Browser (remove only) Netscape Navigator (9.0.0.3) NVIDIA Drivers NVIDIA nView Desktop Manager OpenOffice.org 3.1 Otto Overland OVT Scanner Payload_Planner PC-Doctor 5 for Windows PeerBlock 1.0.0 (r181) PerSono Pro PerSono Pro Install Photo DVD Maker Professional 6.51 PhotoGallery Pinnacle Instant DVD Recorder PMDG 747-400F GE Atlas PMDG 747-400F GE Polar Air Cargo PMDG 747-400F PW FedEx PMDG MD-11 FS9 PMDG747_400 Queen of the Skies PMDG747_400F PMDGMD11_FS9_GE_AA PMDGMD11_FS9_GE_CO PMDGMD11_FS9_GE_KL1 PMDGMD11_FS9_GE_NA PMDGMD11_FS9_GEF_FXF1 PMDGMD11_FS9_GEF_GRF2 PMDGMD11_FS9_GEF_LHF1 PMDGMD11_FS9_GEF_WOF1 PMDGMD11_FS9_PW_DL PMDGMD11_FS9_PW_DL1 PMDGMD11_FS9_PW_DL2 PMDGMD11_FS9_PW_DL3 PMDGMD11_FS9_PW_NW PMDGMD11_FS9_PW_UA2 PMDGMD11_FS9_PW_WO1 PMDGMD11_FS9_PW_WO2 PMDGMD11_FS9_PWF_5XF PMDGMD11_FS9_PWF_FXF PMDGMD11_FS9_PWF_WOF Poker Superstars Polar Bowler Polar Golfer PrintScreen proDAD Heroglyph 2.5 Python 2.2 pywin32 extensions (build 203) Python 2.2.3 QFolder Quad Cities International Airport by M1DG Quicken 2006 QuickProjects QuickTime Readme Real Environment Xtreme FS2004 RealPlayer Realtek High Definition Audio Driver Registry Mechanic 9.0 Remove UK2000 Birmingham Xtreme files Ricochet Lost Worlds Roger Wilco Saitek SST Programming Software Scan SCRABBLE SD40-2_Content_Update Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB976325) Security Update for Windows Internet Explorer 7 (KB978207) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978706) SI Calendar 2009 Sim-Wings - Nice Cote d'Azur SkinsHP1 Skypeâ„¢ 4.1 Slingo Deluxe SmartSound Quicktracks Plugin Smith Designs KATL AFCAD Update Snowy The Bears Adventure SolutionCenter Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Spybot - Search & Destroy Studio 10 Studio 10 Bonus DVD Studio 10.8 Patch Sumatra PDF reader Super Granny Symantec KB-DocID:2003093015493306 System Requirements Lab TBPB v1.1.1 for FS9 TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 TeamSpeak 3 Client Tennis Titans Text-o-Matic The FFS Saab 340 Base Installer The FFS Saab 340 Update Tornado Jockey Tradewinds TrayApp Trillian TurboTax Premier 2007 Ulead Disc-Direct SDK Ultimate Terrain - USA Uninstall OVT Scanner Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 7 (KB976749) Update for Windows Media Player 10 (KB913800) Update for Windows Media Player 10 (KB926251) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 Updates from HP (remove only) US ACARS 2.2 VAT-Spy VC80CRTRedist - 8.0.50727.4053 VCRedistSetup Version 1.0 VHHH Hong Kong FS2004 Viewpoint Media Player VRC Vuze WeatherBug WebFldrs XP WebReg Wee Tune Beastie Winamp Winamp Detector Plug-in Winamp Toolbar for Internet Explorer WinAVI Video Converter Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows Presentation Foundation Windows XP Media Center Edition 2005 KB908246 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinFast PVR WingMan Software Wings of Power: B17 Flying Fortress Wings of Power: P51D/H Mustang X-treme King Air B200 v.2.0.1 XML Paper Specification Shared Components Pack 1.0 XviD & MP3 Codec Pack (remove only) XviD 1.1 final uninstall Yahoo! Browser Services Yahoo! Install Manager Yahoo! Internet Mail Yahoo! Messenger Yahoo! Search Protection Yahoo! Software Update Yahoo! Toolbar Zune Zune Language Pack (DE) Zune Language Pack (ES) Zune Language Pack (FR) Zune Language Pack (IT) ==== Event Viewer Messages From Past Week ======== 3/9/2010 1:38:06 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified. 3/9/2010 1:36:37 PM, error: SRService [104] - The System Restore initialization process failed. 3/8/2010 3:07:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 3/7/2010 7:46:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 3/7/2010 4:54:56 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00146C661794. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 3/7/2010 4:52:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/7/2010 3:41:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 3/7/2010 3:32:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 ASPI32 cdudf_xp Fips ftsata2 PCLEPCI 3/7/2010 2:43:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp ftsata2 3/7/2010 2:30:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde 3/7/2010 12:14:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 ASPI32 cdudf_xp Fips ftsata2 IPSec MRxSmb NetBIOS NetBT PCLEPCI RasAcd Rdbss Tcpip WS2IFSL 3/7/2010 12:14:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 3/7/2010 12:14:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/7/2010 12:14:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 3/7/2010 12:14:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 3/7/2010 12:13:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 3/7/2010 11:26:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 3/7/2010 11:26:14 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/7/2010 11:26:14 AM, error: Service Control Manager [7001] - The Alerter service depends on the Workstation service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 3/6/2010 7:40:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.FlightSimulator.SimConnect . Reference error message: The referenced assembly is not installed on your system. . 3/6/2010 7:40:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\HiFi\ASE\Microsoft.FlightSimulator.SimConnect.dll. Reference error message: The operation completed successfully. . 3/6/2010 7:40:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.FlightSimulator.SimConnect could not be found and Last Error was The referenced assembly is not installed on your system. 3/6/2010 12:20:02 PM, error: System Error [1003] - Error code 000000ea, parameter1 895e3af8, parameter2 8b0b2328, parameter3 8ad89d60, parameter4 00000001. 3/6/2010 12:19:02 PM, error: System Error [1003] - Error code 000000fe, parameter1 00000005, parameter2 8aec70e0, parameter3 10de026e, parameter4 8a433910. 3/13/2010 4:18:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SamSs service. 3/13/2010 4:17:27 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ProtectedStorage service. 3/13/2010 4:16:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service. 3/13/2010 4:16:22 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service. 3/13/2010 4:10:22 AM, error: Service Control Manager [7034] - The PC Tools Startup and Shutdown Monitor service service terminated unexpectedly. It has done this 1 time(s). 3/13/2010 2:45:21 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom1. ==== End Of File =========================== After the GMER tool was done I attempted to run things like Notepad and Windows said it didn't have the resources to run them and my "All Programs" list was cleared, and it told me I didn't have permission to run explorer.exe after a reboot everything was ok, but startmansvc.exe failed to run and everything was slow or the system acted as if it was frozen, as in it wouldn't run anything, after a second reboot everything was fine. Jared
  9. It appears I fixed my problem by importing a registry file that had the default XP settings for exe file association, but I'd still be interested to know what the log says and if there is an evidence of any other nastiness on the system. Jared
  10. Hey all, This morning my system was running normally then I got a Security Alert that there was malware on the system, I suspected that it was rogue software, think it was supposed to be Anti virus 2009/10 or something, so I booted Windows into safe mode and scanned with Malwarebytes and it did find an infection called something like "rouge.antivirus" along with a few other trojans, all infections were cleaned by Malwarebytes, I rebooted the system in normal mode and ever since then my start up programs will not run and anytime I double click a shortcut or attempt to run applications I get the "Open with." with shortcuts and a "Can't run xxxxx.exe" if I try to run the .exe directly, also when I attempt to open explorer.exe I get a a critical "C:\Windows\Explorer.exe, Application not found." message, in Safe mode as I am now, everything runs along with the reduced apps and services under safe mode. I have tried scanning with tools like Spybot, avast, and Hijack This, Spybot found a few threats and cleaned what it could, but avast didn't find anything, how should I proceed? If you need the HJT log I'll run it again and post the log. Thanks. JarMD80 I thought I'd post the HJT log anyway, I'm very curious to know what what got in and how to get rid of it so I can run in normal mode again. HJT log: "Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:42:43 PM, on 3/8/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB2481] command.com /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD701] cmd.exe /c del "C:\WINDOWS\wt\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB5703] command.com /c del "C:\WINDOWS\wt\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingD1424] cmd.exe /c del "C:\WINDOWS\wt\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingB6306] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD3325] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB1407] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD9346] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB1299] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD1520] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB375] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD4746] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB4377] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6671] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB7013] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded" O4 - HKCU\..\RunOnce: [SpybotDeletingD8119] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded" O4 - HKCU\..\RunOnce: [SpybotDeletingB4589] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD1193] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB4816] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8277] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB7921] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" O4 - HKCU\..\RunOnce: [SpybotDeletingD2379] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe" O4 - HKCU\..\RunOnce: [SpybotDeletingB8618] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8847] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB8111] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8417] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB5489] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingD6307] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingB7653] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax" O4 - HKCU\..\RunOnce: [SpybotDeletingD6390] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax" O4 - HKCU\..\RunOnce: [SpybotDeletingB1329] command.com /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini" O4 - HKCU\..\RunOnce: [SpybotDeletingD1084] cmd.exe /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini" O4 - HKCU\..\RunOnce: [SpybotDeletingB7323] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD1415] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB4092] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingD6092] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingB9095] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2694] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB1907] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD1215] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB3382] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html" O4 - HKCU\..\RunOnce: [SpybotDeletingD2671] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html" O4 - HKCU\..\RunOnce: [SpybotDeletingB3863] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingD3410] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingB4933] command.com /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingD1825] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingB4468] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD1763] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB8871] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD1286] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB9233] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6114] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB7967] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD276] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB9464] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD5596] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB8409] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt" O4 - HKCU\..\RunOnce: [SpybotDeletingD4977] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt" O4 - HKCU\..\RunOnce: [SpybotDeletingB2191] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6127] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB8795] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD4088] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB5692] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD8700] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB5844] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded" O4 - HKCU\..\RunOnce: [SpybotDeletingD3497] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded" O4 - HKCU\..\RunOnce: [SpybotDeletingB768] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2564] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB7100] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingD9785] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingB5654] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingD4433] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingB2454] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingD4308] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingB3789] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2321] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB8095] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingD9796] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingB7200] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini" O4 - HKCU\..\RunOnce: [SpybotDeletingD7386] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini" O4 - HKCU\..\RunOnce: [SpybotDeletingB9899] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe" O4 - HKCU\..\RunOnce: [SpybotDeletingD6274] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe" O4 - HKCU\..\RunOnce: [SpybotDeletingB9237] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD835] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB7308] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2409] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB4448] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingD7823] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar" O4 - HKCU\..\RunOnce: [SpybotDeletingB930] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD2499] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB6428] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax" O4 - HKCU\..\RunOnce: [SpybotDeletingD869] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax" O4 - HKCU\..\RunOnce: [SpybotDeletingB6501] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini" O4 - HKCU\..\RunOnce: [SpybotDeletingD4862] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini" O4 - HKCU\..\RunOnce: [SpybotDeletingB7280] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html" O4 - HKCU\..\RunOnce: [SpybotDeletingD654] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html" O4 - HKCU\..\RunOnce: [SpybotDeletingB1580] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingD4168] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingB7397] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD6001] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB1993] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD657] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB3330] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingD2387] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingB4781] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingD6709] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingB2530] command.com /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingD7834] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingB7622] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingD7721] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll" O4 - HKCU\..\RunOnce: [SpybotDeletingB8440] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html" O4 - HKCU\..\RunOnce: [SpybotDeletingD7087] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html" O4 - HKCU\..\RunOnce: [SpybotDeletingB7956] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingD3211] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo" O4 - HKCU\..\RunOnce: [SpybotDeletingB8478] command.com /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingD4705] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas" O4 - HKCU\..\RunOnce: [SpybotDeletingB9533] command.com /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingD6486] cmd.exe /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts" O4 - HKCU\..\RunOnce: [SpybotDeletingB7635] command.com /c del "C:\Documents and Settings\HP_Administrator\Application Data\MegauploadToolbar\downfile\megauper.zip" O4 - HKCU\..\RunOnce: [SpybotDeletingD730] cmd.exe /c del "C:\Documents and Settings\HP_Administrator\Application Data\MegauploadToolbar\downfile\megauper.zip" O4 - HKCU\..\RunOnce: [SpybotDeletingB1929] command.com /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierEN.lng" O4 - HKCU\..\RunOnce: [SpybotDeletingD4516] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierEN.lng" O4 - HKCU\..\RunOnce: [SpybotDeletingB3722] command.com /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierFR.lng" O4 - HKCU\..\RunOnce: [SpybotDeletingD4440] cmd.exe /c del "C:\Documents and Settings\All Users\Application Data\EmailNotifier\EmailNotifierFR.lng" O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "launcher.exe" delay 20000 O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 17457 bytes"