TheTechGuide Forum
General Category => Tech Clinic => Topic started by: cingal08 on August 18, 2009, 03:18:38 PM
-
Husband opened an email with a virus. AVG is not seeing it. I know it's there. I tried using Malwarebytes and Spybot. There is some kind of block on these, as they are on my computer but won't run. I get file corrupted errors. Run chkdsk utility. I have tried to clean it myself using AFT-cleaner/AVG/Malwarebytes/and Spybot. Now, I do not have IE. It's blocked and I am having to use my external hard drive and laptop to contact you for help. I have attached my hjt log. Can you help me please? I await your response. Thank you in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:29 PM, on 8/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
G:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119489249703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140026350671
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11002 bytes
-
Can you try browsing to Malwarebytes install folder
By default it should be
C:\Program Files\Malwarebytes' Anti-Malware
Open that folder, locate mbam.exe
Right click on it and rename it something else, such as cingal.exe
See if it will then run when you double click on cingal.exe
-
[quote name='guestolo' post='464791' date='Aug 18 2009, 06:41 PM']Can you try browsing to Malwarebytes install folder
By default it should be
C:\Program Files\Malwarebytes' Anti-Malware
Open that folder, locate mbam.exe
Right click on it and rename it something else, such as cingal.exe
See if it will then run when you double click on cingal.exe[/quote]
I uninstalled the Malwarebytes and Spybot from the infected desktop. I installed updated good clean copies to my external hard drive and attempted to run them from there with no luck. I got your message and tried to rename them and run them. No luck. I get the corrupt file error. Desktop ini is corrupt and unreadable. Run chkdsk utility. On both of them.
:(
-
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go back and try renaming mbam.exe to mbam.com
This is not the shortcut, but the main executable from the install folder
-
[quote name='guestolo' post='464793' date='Aug 18 2009, 08:05 PM']Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go back and try renaming mbam.exe to mbam.com
This is not the shortcut, but the main executable from the install folder[/quote]
OK..it gives me a pop up that says:
If you change the file name extension, the file may become unusable. Are you sure you want to change it? Yes or NO?
-
I answered YES...it's hung up on the hourglass. Will try to run when it's done, and let you know!
-
OK..it gives me a pop up that says:
If you change the file name extension, the file may become unusable. Are you sure you want to change it? Yes or NO?
Click YES, the icon will change, but I need to know if MBAM will then run, give it a few seconds to startup
-
OK...it gave me a Run-time error '0'
-
Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers
let me know if you see something like TDSSserv
-
[quote name='guestolo' post='464798' date='Aug 18 2009, 09:10 PM']Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers
let me know if you see something like TDSSserv[/quote]
I have TDPIPE and TDTCP
-
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://subs.geekstogo.com/ComboFix.exe)
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
- During the download, rename Combofix to Combo-Fix as follows:
(http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif)
(http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif)
* It is important you rename Combofix during the download, but not after.
* Please do not rename Combofix to other names, but only to the one indicated.
SAVE IT and transfer the file to the Desktop >> This is important
--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with some tools
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.
* Click on Tools.
* Select Advanced.
* In the left hand pane, scroll down to "Resident Shield".
* In the main pane, deselect the option to "Enable Resident Shield."
We will reenable this protection later
- Double click on Combo-Fix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. C:\Combo-Fix.txt
Post that log please
-
Whewww....here ya go.
ComboFix 09-08-10.06 - HP_Administrator 08/18/2009 22:01.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.451 [GMT -5:00]
Running from: G:\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\windows\kb913800.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-19 to 2009-08-19 )))))))))))))))))))))))))))))))
.
2009-08-12 02:20 . 2009-08-18 21:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 02:20 . 2009-08-18 21:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-02 22:03 . 2009-08-09 10:11 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-02 21:56 . 2009-08-02 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-02 21:56 . 2009-08-02 21:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-02 21:56 . 2009-08-02 21:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-02 21:56 . 2009-08-02 21:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-02 21:55 . 2009-08-12 01:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-02 21:55 . 2009-08-02 21:55 -------- d-----w- c:\program files\AVG
2009-08-02 21:55 . 2009-08-02 21:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-02 21:16 . 2009-08-02 21:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-08-02 21:16 . 2009-08-02 21:16 -------- d-----w- c:\docume~1\HP_ADM~1\APPLIC~1\AVG8
2009-08-02 17:18 . 2009-08-02 17:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-02 17:06 . 2009-08-02 17:06 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-02 17:04 . 2009-08-02 17:27 4 ----a-w- c:\windows\system32\bincd32.dat
2009-08-02 17:03 . 2009-08-02 17:32 64 ----a-w- c:\windows\ppp4.dat
2009-08-02 17:03 . 2009-08-02 17:32 3 ----a-w- c:\windows\ppp3.dat
2009-08-02 17:03 . 2009-08-02 17:03 36 ----a-w- c:\windows\system32\sysnet.dat
2009-07-28 18:52 . 2009-07-28 18:52 -------- d-----w- c:\program files\Linksys
2009-07-28 18:52 . 2008-12-12 23:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-07-28 18:52 . 2008-12-12 23:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-07-28 18:51 . 2009-07-28 18:51 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-07-28 18:51 . 2009-07-28 18:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Pure Networks
2009-07-28 18:50 . 2008-12-04 13:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-07-28 18:50 . 2008-12-04 13:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-07-28 18:50 . 2008-12-04 13:17 15312 ----a-r- c:\windows\system32\RaCoInst.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 03:14 . 2006-06-05 13:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-08-12 03:14 . 2006-04-26 17:49 -------- d-----w- c:\program files\Yahoo!
2009-08-12 03:14 . 2007-05-05 20:46 -------- d--h--r- c:\documents and settings\HP_Administrator\Application Data\yahoo!
2009-08-12 03:14 . 2007-05-05 20:46 -------- d--h--r- c:\docume~1\HP_ADM~1\APPLIC~1\yahoo!
2009-08-02 22:25 . 2005-05-05 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 22:25 . 2006-05-30 21:54 -------- d-----w- c:\program files\Verizon
2009-07-14 18:44 . 2005-06-23 03:10 55048 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 18:44 . 2005-06-23 03:10 55048 ----a-w- c:\docume~1\HP_ADM~1\LOCALS~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2009-07-12 00:06 . 2005-05-05 16:02 -------- d-----w- c:\program files\Google
2009-07-11 23:54 . 2005-05-05 15:26 -------- d-----w- c:\program files\HP
2009-07-11 23:54 . 2005-05-05 15:26 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-11 23:53 . 2009-07-11 23:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-07-11 23:49 . 2003-05-19 22:01 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-11 23:36 . 2009-07-11 23:36 -------- d-----w- c:\program files\MSBuild
2009-07-11 23:35 . 2009-07-11 23:35 -------- d-----w- c:\program files\Reference Assemblies
2009-07-11 16:14 . 2006-09-05 12:39 -------- d-----w- c:\program files\fsupport
2009-07-11 14:51 . 2009-07-11 14:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-11 14:51 . 2009-07-11 14:51 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 14:50 . 2006-02-15 19:59 -------- d-----w- c:\program files\Lavasoft
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-07-11 14:51 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-11 16:14 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-16 14:36 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2005-07-17 20:00 . 2005-07-17 20:00 251 ----a-w- c:\program files\wt3d.ini
2005-07-20 15:45 . 2005-07-20 15:45 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-02 2000152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-5 45056]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-9-18 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-02 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/11/2009 9:51 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2009 4:56 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2009 4:56 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2009 4:55 PM 297752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/18/2008 8:27 PM 66048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/18/2008 8:27 PM 167808]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [7/28/2009 1:50 PM 627072]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
- - - - ORPHANS REMOVED - - - -
BHO-{8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kaspersky.nl\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 22:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\hphmon06.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-08-19 22:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-19 03:25
Pre-Run: 195,934,138,368 bytes free
Post-Run: 195,888,168,960 bytes free
208 --- E O F --- 2009-08-12 02:01
-
Running from: G:\Combo-Fix.exe
I actually wanted you NOT to run combofix from your external drive and move it to your Desktop
as I indicated earlier
Can you now do the following
Download OTL.exe (http://oldtimer.geekstogo.com/OTL.exe) by OldTimer to your Desktop.
- Close all windows and double click OTL.exe.
- Click Run Scan and let the program run uninterrupted.
- It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
- You may need to use two posts to get it all.
-
I am NOT exactly sure as to how that Combo-Fix happened. I clearly see it on my desktop. But I do see that it was run from G:
Below are my logs from OTL.
BTW... thank you for all your HELP.
I still do not have internet on the desktop.
OTL logfile created on: 8/19/2009 9:32:12 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.41 Mb Total Physical Memory | 471.59 Mb Available Physical Memory | 46.13% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 182.46 Gb Free Space | 81.14% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.37 Gb Free Space | 17.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 111.79 Gb Total Space | 110.72 Gb Free Space | 99.04% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HPMCE2005
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2005/02/01 13:36:00 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/02 16:55:44 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2005/02/01 13:36:00 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/12/18 19:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2004/09/29 14:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2009/08/02 16:55:47 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/08/02 16:55:47 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2008/12/12 18:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2005/09/22 14:36:20 | 14,854,144 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2005/08/05 14:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2005/02/01 23:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/04 13:01:56 | 00,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2009/07/10 13:59:22 | 00,195,072 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\HP\KBD\KBD.EXE
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2008/12/12 18:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/02/16 04:44:55 | 01,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2009/08/02 16:55:45 | 02,000,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2004/08/09 23:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2005/08/05 14:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
PRC - [2005/05/05 10:52:46 | 00,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2006/04/06 20:19:28 | 00,745,472 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
PRC - [2009/07/03 09:49:06 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [1998/05/07 04:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\windows\system\hpsysdrv.exe
PRC - [2004/06/07 06:42:30 | 00,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\hphmon06.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2009/08/19 09:28:21 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/02/06 17:02:14 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon [Auto | Running])
SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/02/01 13:36:00 | 00,344,064 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/02 16:55:44 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 14:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/03 09:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2005/12/18 19:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2005/08/05 14:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/12/12 18:06:40 | 00,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 14:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])
========== Driver Services (SafeList) ==========
DRV - [2005/03/04 13:02:20 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2005/02/01 13:39:00 | 00,970,240 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/02 16:56:11 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/02 16:56:09 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/02 16:56:16 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2005/04/07 17:18:34 | 00,003,840 | ---- | M] () -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt [System | Running])
DRV - [2004/10/14 10:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/04/01 11:43:02 | 00,066,048 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\EAPPkt.sys -- (EAPPkt [Auto | Running])
DRV - [2003/12/02 13:23:20 | 00,142,336 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k [Boot | Running])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/03/18 10:35:10 | 00,149,120 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Running])
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/12/14 11:07:44 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2004/12/14 11:07:44 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2004/12/14 11:07:44 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/09/23 19:56:28 | 03,966,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2008/04/13 13:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\IrBus.sys -- (IrBus [On_Demand | Stopped])
DRV - [2009/07/03 09:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2005/01/19 12:21:56 | 00,012,416 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio [On_Demand | Stopped])
DRV - [2008/12/12 18:05:18 | 00,023,984 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/09 23:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/12/12 18:05:20 | 00,025,264 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2005/01/26 04:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/03 16:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2006/03/27 17:53:28 | 00,167,808 | ---- | M] (NETGEAR Inc.) -- C:\WINDOWS\System32\DRIVERS\wg111v2.sys -- (RTLWUSB [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2008/12/04 08:17:15 | 00,627,072 | R--- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\DRIVERS\WUSB54GCv3.sys -- (WUSB54GCv3 [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = actsvr.comcastonline.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = actsvr.comcastonline.com:8100
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 03:00:32 | 00,000,000 | ---D | M]
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk = C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: kaspersky.nl ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119489249703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140026350671 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/05 11:22:22 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
========== Files/Folders - Created Within 30 Days ==========
[2009/08/19 09:30:27 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/08/19 09:29:48 | 00,000,361 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk
[2009/08/18 22:25:19 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/18 22:25:19 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/18 22:25:19 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/18 22:25:19 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/18 22:25:19 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/18 22:25:19 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/18 22:25:19 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/18 22:25:19 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/18 22:25:18 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/18 22:25:18 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/18 22:25:18 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/18 22:25:18 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/18 22:25:18 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/18 22:25:18 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/18 22:25:18 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/18 22:25:18 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/18 22:25:18 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/18 22:25:18 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/18 22:25:18 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/18 22:25:18 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/18 22:25:18 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/18 22:25:18 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/18 22:25:18 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/18 22:25:18 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/18 22:25:18 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/18 22:25:18 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/08/18 22:25:18 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/18 22:25:18 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/18 22:25:18 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/18 22:25:18 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/18 22:25:18 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/18 22:25:18 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/18 22:25:18 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/18 22:25:18 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/18 22:25:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/18 22:25:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/18 22:25:18 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/18 22:25:18 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/18 22:25:18 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/18 22:25:18 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/18 22:25:18 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/18 22:25:18 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/18 22:25:18 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/18 22:25:18 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/18 22:25:18 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/18 22:25:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/18 21:59:21 | 00,216,064 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/18 21:59:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/18 21:59:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/18 21:59:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/18 21:59:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/18 21:59:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/18 21:59:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/18 21:59:21 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/18 21:55:10 | 03,124,187 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
[2009/08/18 21:55:00 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/11 21:20:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/11 21:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/02 17:03:09 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/02 16:56:17 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/02 16:56:17 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/02 16:56:16 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/02 16:56:11 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/02 16:56:09 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/02 16:55:57 | 39,754,098 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/02 16:55:55 | 00,064,206 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/02 16:55:54 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/02 16:55:52 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/02 16:55:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/02 16:55:44 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/02 16:55:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/02 16:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG8
[2009/08/02 12:06:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\cmpwrap.dat
[2009/08/02 12:04:47 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\bincd32.dat
[2009/08/02 12:03:45 | 00,000,064 | ---- | C] () -- C:\WINDOWS\ppp4.dat
[2009/08/02 12:03:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/02 12:03:45 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/02 12:03:45 | 00,000,003 | ---- | C] () -- C:\WINDOWS\ppp3.dat
[2009/08/02 12:03:44 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/07/28 13:52:22 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys
[2009/07/28 13:52:04 | 00,023,984 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2009/07/28 13:52:01 | 00,025,264 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2009/07/28 13:51:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2009/07/28 13:51:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/07/28 13:50:29 | 00,627,072 | R--- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\WUSB54GCv3.sys
[2009/07/28 13:50:29 | 00,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2009/07/28 13:50:29 | 00,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2008/05/17 03:02:20 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/11/25 23:07:07 | 00,000,066 | ---- | C] () -- C:\WINDOWS\System32\msremoval.ini
[2007/11/25 23:07:06 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\winetframework.dll
[2007/06/09 12:45:02 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/08 09:30:56 | 00,000,099 | ---- | C] () -- C:\WINDOWS\System32\Painter.ini
[2006/08/03 13:58:49 | 00,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/08/03 13:54:14 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/08/03 13:54:14 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/06/05 08:41:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/08/11 17:53:34 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2005/08/05 15:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/21 09:08:28 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/05/05 11:24:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/05 11:21:34 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/05 11:21:34 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/05 11:21:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/05 11:21:34 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/05 11:21:34 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/05 11:21:34 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/05 10:52:10 | 00,015,326 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/05 10:52:04 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/05 10:51:46 | 00,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/05 10:48:37 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/05 10:25:07 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/05 10:21:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/05/05 10:06:17 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/05 10:04:18 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/05 10:04:18 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/05 10:03:56 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 05:56:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/27 21:41:20 | 00,000,773 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/27 13:30:40 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/01/19 17:45:40 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 17:45:40 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/07/26 09:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/05/03 11:50:00 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003/04/10 17:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
========== Files - Modified Within 30 Days ==========
[11 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/08/19 09:29:48 | 00,000,361 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to OTL.exe.lnk
[2009/08/19 09:28:21 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2009/08/19 09:23:02 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/08/19 09:22:51 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/19 09:21:34 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/19 09:19:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/19 09:19:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/19 09:19:00 | 10,721,52576 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/18 22:20:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/18 22:19:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/18 21:41:59 | 03,124,187 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
[2009/08/18 19:27:29 | 02,640,914 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2009/08/18 13:57:41 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/11 20:29:36 | 39,754,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/11 20:29:36 | 00,064,206 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/08 17:11:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/08 12:10:14 | 00,216,064 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/08/06 18:02:37 | 00,000,773 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/03 09:51:19 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/02 16:56:17 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/02 16:56:17 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/02 16:56:16 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/02 16:56:11 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/02 16:56:09 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/02 16:55:55 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/02 16:55:54 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/02 12:32:06 | 00,000,064 | ---- | M] () -- C:\WINDOWS\ppp4.dat
[2009/08/02 12:32:06 | 00,000,003 | ---- | M] () -- C:\WINDOWS\ppp3.dat
[2009/08/02 12:27:53 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\bincd32.dat
[2009/08/02 12:06:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\cmpwrap.dat
[2009/08/02 12:03:45 | 00,000,036 | ---- | M] () -- C:\WINDOWS\System32\sysnet.dat
[2009/08/02 12:03:45 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\bennuar.old
[2009/08/02 12:03:44 | 00,000,099 | ---- | M] () -- C:\WINDOWS\System32\sonhelp.htm
[2009/08/02 11:59:03 | 00,004,486 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MSN.com.url
[2009/08/01 10:08:01 | 00,000,458 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/07/28 13:51:50 | 00,446,338 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/28 13:51:50 | 00,073,100 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/28 13:51:49 | 00,529,006 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >
EXTRA'S REPORT
OTL Extras logfile created on: 8/19/2009 9:32:13 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1022.41 Mb Total Physical Memory | 471.59 Mb Available Physical Memory | 46.13% Memory free
2.40 Gb Paging File | 1.92 Gb Available in Paging File | 80.02% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.87 Gb Total Space | 182.46 Gb Free Space | 81.14% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.37 Gb Free Space | 17.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 111.79 Gb Total Space | 110.72 Gb Free Space | 99.04% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HPMCE2005
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(tm) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8
-
Are you connecting Wirelessly only?
Is it possible to hook up wired and see if you have Internet connection
Can you also try another web browser and let me know if it connects
I suggest Firefox
http://www.mozilla.com/en-US/firefox/all.html
-
Hi Questolo! I am replying to you this time from the desktop. I did get my internet connected. My adapter was not being detected. I went back thru the set up. No good there. I went into Network Connections and somehow...(but not by me) my settings had been changed. I set them correctly and tada....I have internet. And to answer your question....I only have the ability to connect this desktop wirelessly. The router is completely at the other end of the house. I didn't have this computer when all that was installed. BLAH. Anyway, as soon as I got my internet connection, I DL'd Firefox. I can tell the computer is so sluggish and slow. But it is moving. So what is next for me kind sir? I await your reply and thank you so much!
C
-
I'm not actually seeing Malwarebytes installed on this computer
Can you try redownloading it from the following link
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
Save the installer to the desktop of your computer
Ensure you have it check for updates while installing and run a quick scan if possible
Remove anything it finds
Post its log afterwards
-
OK...I have tried the install 3 times on the Malwarebytes. I am using Firefox. It lets me download the file. When it tries to install...it gets 3/4 of the way thru extracting files and freezes up on me. It has placed the MWB icon on my desktop, but has never fully completed the process. I told you I knew the "crap" was lurking in there??? Well the boogity boogity reared its ugly head. I had no browser open only the Setup window for MWB and I could hear the advertisement playing thru my speakers for swimsuit models in Southern California. I had barely heard bits and pieces before, but tonight, I got to hear a big piece of it. It's recruiting girls, models. ??? But I can see nothing ??? So, do I go back to the external and try to run a scan from there? I have tried rebooting, can't get it to work. GRRR...but thank you for helping me :)
-
I went ahead and scanned from my external drive and it worked!!!!!! I posted my log below.
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3
8/21/2009 12:36:36 AM
mbam-log-2009-08-21 (00-36-36).txt
Scan type: Quick Scan
Objects scanned: 102642
Time elapsed: 5 minute(s), 10 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
-
I am sorry to keep reposting. But after I ran the initial scan from my external, I was able to access the MWB from the desktop computer...finally. I updated it and did a quick scan. Below are the results of that scan. Thx again.
Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 5.1.2600 Service Pack 3
8/21/2009 12:56:40 AM
mbam-log-2009-08-21 (00-56-40).txt
Scan type: Quick Scan
Objects scanned: 103168
Time elapsed: 4 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
-
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://subs.geekstogo.com/ComboFix.exe)
Save it ONLY to your Desktop
--------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
In addition:
Sysprot Antirootkit
Please download Sysprot Antirootkit from the link
and save to your Desktop
http://sites.google.com/site/sysprotantirootkit/
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select all items.
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to.
- Open the text file and copy/paste the log here.
-
Ok...I have completed all of that. I have included all the logs. Once again, thank you very much for all your help.
Combo-fix Log
ComboFix 09-08-20.07 - HP_Administrator 08/21/2009 7:48.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.513 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\c31f316.msp
c:\windows\Installer\c31f329.msp
c:\windows\Installer\c31f331.msp
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\UACemmyqyrdqj.sys
c:\windows\system32\UAChnywkvlsxw.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACklnxnvrlae.dll
c:\windows\system32\UACotqluqqrfb.dll
c:\windows\system32\UACpxkjqeuwrb.dll
c:\windows\system32\UACtwvabvdtpb.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.
2009-08-21 04:46 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 04:46 . 2009-08-21 05:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 04:46 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 21:57 . 2009-08-20 21:57 0 ----a-w- c:\windows\nsreg.dat
2009-08-20 21:57 . 2009-08-20 21:57 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Mozilla
2009-08-12 02:20 . 2009-08-18 21:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-12 02:20 . 2009-08-18 21:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-02 22:03 . 2009-08-21 10:10 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-02 21:56 . 2009-08-02 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-02 21:56 . 2009-08-02 21:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-02 21:56 . 2009-08-02 21:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-02 21:56 . 2009-08-02 21:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-02 21:55 . 2009-08-12 01:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-02 21:55 . 2009-08-02 21:55 -------- d-----w- c:\program files\AVG
2009-08-02 21:55 . 2009-08-02 21:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-02 21:16 . 2009-08-02 21:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG8
2009-08-02 17:18 . 2009-08-02 17:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-02 17:06 . 2009-08-02 17:06 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-07-28 18:52 . 2009-07-28 18:52 -------- d-----w- c:\program files\Linksys
2009-07-28 18:52 . 2008-12-12 23:05 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-07-28 18:52 . 2008-12-12 23:05 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-07-28 18:51 . 2009-07-28 18:51 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-07-28 18:51 . 2009-07-28 18:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Pure Networks
2009-07-28 18:50 . 2008-12-04 13:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-07-28 18:50 . 2008-12-04 13:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-07-28 18:50 . 2008-12-04 13:17 15312 ----a-r- c:\windows\system32\RaCoInst.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 03:14 . 2006-06-05 13:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-08-12 03:14 . 2006-04-26 17:49 -------- d-----w- c:\program files\Yahoo!
2009-08-12 03:14 . 2007-05-05 20:46 -------- d--h--r- c:\documents and settings\HP_Administrator\Application Data\yahoo!
2009-08-02 22:25 . 2005-05-05 15:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 22:25 . 2006-05-30 21:54 -------- d-----w- c:\program files\Verizon
2009-07-14 18:44 . 2005-06-23 03:10 55048 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 00:06 . 2005-05-05 16:02 -------- d-----w- c:\program files\Google
2009-07-11 23:54 . 2005-05-05 15:26 -------- d-----w- c:\program files\HP
2009-07-11 23:54 . 2005-05-05 15:26 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-11 23:53 . 2009-07-11 23:53 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-07-11 23:49 . 2003-05-19 22:01 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-11 23:36 . 2009-07-11 23:36 -------- d-----w- c:\program files\MSBuild
2009-07-11 23:35 . 2009-07-11 23:35 -------- d-----w- c:\program files\Reference Assemblies
2009-07-11 16:14 . 2006-09-05 12:39 -------- d-----w- c:\program files\fsupport
2009-07-11 14:51 . 2009-07-11 14:50 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-11 14:51 . 2009-07-11 14:51 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-11 14:50 . 2006-02-15 19:59 -------- d-----w- c:\program files\Lavasoft
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 14:49 . 2009-07-11 14:51 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-11 16:14 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-16 14:36 . 2004-08-10 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2005-07-17 20:00 . 2005-07-17 20:00 251 ----a-w- c:\program files\wt3d.ini
2005-07-20 15:45 . 2005-07-20 15:45 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-19_03.20.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 12:46 . 2009-08-21 12:46 16384 c:\windows\temp\Perflib_Perfdata_3a8.dat
+ 2005-01-28 02:47 . 2009-08-20 21:45 73100 c:\windows\system32\perfc009.dat
- 2005-01-28 02:47 . 2009-07-28 18:51 73100 c:\windows\system32\perfc009.dat
- 2009-07-11 16:14 . 2009-08-19 03:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-11 16:14 . 2009-08-21 06:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-27 18:29 . 2009-08-21 06:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-27 18:29 . 2009-08-19 03:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-08-02 17:18 . 2009-08-20 21:17 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-08-02 17:18 . 2009-08-19 03:18 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2005-01-27 18:29 . 2009-08-19 03:18 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-01-27 18:29 . 2009-08-21 06:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-28 02:47 . 2009-07-28 18:51 446338 c:\windows\system32\perfh009.dat
+ 2005-01-28 02:47 . 2009-08-20 21:45 446338 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-02 339968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-02 2000152]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-5 45056]
WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2008-9-18 745472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-02 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/11/2009 9:51 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/2/2009 4:56 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/2/2009 4:56 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/2/2009 4:55 PM 297752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/18/2008 8:27 PM 66048]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [7/28/2009 1:50 PM 627072]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [9/18/2008 8:27 PM 167808]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: kaspersky.nl\www
FF - ProfilePath - c:\docume~1\HP_ADM~1\APPLIC~1\Mozilla\Firefox\Profiles\azhv9w8e.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 07:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-21 8:01
ComboFix-quarantined-files.txt 2009-08-21 13:01
ComboFix2.txt 2009-08-19 03:25
Pre-Run: 195,689,365,504 bytes free
Post-Run: 195,670,073,344 bytes free
241 --- E O F --- 2009-08-12 02:01
SysProt LOG
SysProt AntiRootkit v1.0.1.0
by swatkat
********************************************************************************
**********
********************************************************************************
**********
Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No
Name: System
PID: 4
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\smss.exe
PID: 796
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\csrss.exe
PID: 888
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\winlogon.exe
PID: 916
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\services.exe
PID: 960
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\lsass.exe
PID: 972
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 1120
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1152
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1248
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Defender\MsMpEng.exe
PID: 1308
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1348
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1664
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1756
Hidden: No
Window Visible: No
Name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PID: 1972
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\ati2evxx.exe
PID: 212
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\spoolsv.exe
PID: 416
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 548
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PID: 632
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 644
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 664
Hidden: No
Window Visible: No
Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 704
Hidden: No
Window Visible: No
Name: C:\WINDOWS\ehome\ehSched.exe
PID: 736
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 876
Hidden: No
Window Visible: No
Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 936
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 1452
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 1500
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\HPZipm12.exe
PID: 1540
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1596
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\svchost.exe
PID: 1624
Hidden: No
Window Visible: No
Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 1748
Hidden: No
Window Visible: No
Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 1832
Hidden: No
Window Visible: No
Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 1840
Hidden: No
Window Visible: No
Name: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PID: 696
Hidden: No
Window Visible: No
Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 2148
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\dllhost.exe
PID: 3520
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 3536
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\alg.exe
PID: 3752
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 3968
Hidden: No
Window Visible: No
Name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PID: 508
Hidden: No
Window Visible: No
Name: C:\WINDOWS\system32\notepad.exe
PID: 2204
Hidden: No
Window Visible: Yes
Name: C:\WINDOWS\explorer.exe
PID: 1788
Hidden: No
Window Visible: No
Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 1316
Hidden: No
Window Visible: No
Name: C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProt.exe
PID: 2872
Hidden: No
Window Visible: Yes
********************************************************************************
**********
********************************************************************************
**********
Kernel Modules:
Module Name: \??\C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B8127000
Module End: B8132000
Hidden: No
Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No
Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No
Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7A90000
Module End: F7A92000
Hidden: No
Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F79A0000
Module End: F79A3000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7461000
Module End: F748F000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7A92000
Module End: F7A94000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7450000
Module End: F7461000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7590000
Module End: F759A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7B58000
Module End: F7B59000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7810000
Module End: F7817000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F75A0000
Module End: F75AB000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7431000
Module End: F7450000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7A94000
Module End: F7A96000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F740B000
Module End: F7431000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F7818000
Module End: F781D000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F75B0000
Module End: F75BD000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F73F3000
Module End: F740B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fasttx2k.sys
Service Name: fasttx2k
Module Base: F73D0000
Module End: F73F3000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: F73B8000
Module End: F73D0000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F75C0000
Module End: F75C9000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F75D0000
Module End: F75DD000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F7398000
Module End: F73B8000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F7386000
Module End: F7398000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Lbd.sys
Service Name: Lbd
Module Base: F75E0000
Module End: F75EF000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7820000
Module End: F7825000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F736F000
Module End: F7386000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F72E2000
Module End: F736F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F72B5000
Module End: F72E2000
Hidden: No
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F75F0000
Module End: F75FF000
Hidden: Yes
Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F7600000
Module End: F7610000
Hidden: No
Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F7610000
Module End: F761E000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F729B000
Module End: F72B5000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F7640000
Module End: F7650000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F7670000
Module End: F7679000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Service Name: ati2mtag
Module Base: F6F0D000
Module End: F7002000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6EF9000
Module End: F6F0D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F6ED1000
Module End: F6EF9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F7968000
Module End: F796E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F6EAD000
Module End: F6ED1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7970000
Module End: F7978000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
Service Name: hcwPP2
Module Base: F6E88000
Module End: F6EAD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6E65000
Module End: F6E88000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Service Name: AgereSoftModem
Module Base: F6D60000
Module End: F6E65000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7978000
Module End: F7980000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Service Name: E100B
Module Base: F6D3A000
Module End: F6D60000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: F6D26000
Module End: F6D3A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7680000
Module End: F768D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7980000
Module End: F7986000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\PS2.sys
Service Name: Ps2
Module Base: F7988000
Module End: F798D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7990000
Module End: F7996000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7690000
Module End: F769B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F76A0000
Module End: F76B0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F76B0000
Module End: F76BF000
Hidden: No
Module Name: C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F7A74000
Module End: F7A77000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7BB0000
Module End: F7BB1000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F76C0000
Module End: F76CD000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7A80000
Module End: F7A83000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6CE7000
Module End: F6CFE000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F76D0000
Module End: F76DB000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F76E0000
Module End: F76EC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7998000
Module End: F799D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F6CD6000
Module End: F6CE7000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F76F0000
Module End: F76F9000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F7830000
Module End: F7835000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7860000
Module End: F7865000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F6CA6000
Module End: F6CD6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F7700000
Module End: F770A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7ABA000
Module End: F7ABC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F6C48000
Module End: F6CA6000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F726B000
Module End: F726F000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7710000
Module End: F771A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: EE81B000
Module End: EEC00000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: EE7F7000
Module End: EE81B000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7082000
Module End: F7091000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F7072000
Module End: F7081000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7ABE000
Module End: F7AC0000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7AC0000
Module End: F7AC2000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7CCD000
Module End: F7CCE000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7AC2000
Module End: F7AC4000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F7888000
Module End: F788F000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F7890000
Module End: F7896000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7AC4000
Module End: F7AC6000
Hidden: No
Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7AC6000
Module End: F7AC8000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F7898000
Module End: F789D000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F78A0000
Module End: F78A8000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7A64000
Module End: F7A67000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: EDF7C000
Module End: EDF8F000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: EDF23000
Module End: EDF7C000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: EDF0A000
Module End: EDF23000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: EDEE4000
Module End: EDF0A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F7052000
Module End: F705B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: EDEBC000
Module End: EDEE4000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: EDE9A000
Module End: EDEBC000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F7042000
Module End: F704B000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: EDE6F000
Module End: EDE9A000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: EDDD7000
Module End: EDE47000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7032000
Module End: F703D000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F7022000
Module End: F7031000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: F78A8000
Module End: F78AF000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys
Service Name: WUSB54GCv3
Module Base: EDC9D000
Module End: EDD37000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\BANTExt.sys
Service Name: BANTExt
Module Base: F7BA1000
Module End: F7BA2000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F78B0000
Module End: F78B6000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: EDC4C000
Module End: EDC9D000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: EDC28000
Module End: EDC4C000
Hidden: No
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: EDC10000
Module End: EDC28000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7B00000
Module End: F7B02000
Hidden: Yes
Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: EDFC7000
Module End: EDFCA000
Hidden: No
Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F78F0000
Module End: F78F5000
Hidden: No
Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7C8D000
Module End: F7C8E000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
Service Name: EAPPkt
Module Base: B8DBF000
Module End: B8DD0000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B8F30000
Module End: B8F34000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\pnarp.sys
Service Name: pnarp
Module Base: F7930000
Module End: F7935000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\purendis.sys
Service Name: purendis
Module Base: F7940000
Module End: F7945000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B8B3A000
Module End: B8B67000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B8B25000
Module End: B8B3A000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B8CBF000
Module End: B8CCE000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B89D1000
Module End: B8A12000
Hidden: No
Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B865F000
Module End: B86B1000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: F78D8000
Module End: F78DE000
Hidden: No
Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: B7F5C000
Module End: B7F7F000
Hidden: No
Module Name: C:\WINDOWS\system32\drivers\MSPQM.sys
Service Name: MSPQM
Module Base: F7AFC000
Module End: F7AFE000
Hidden: No
Module Name: \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F78C0000
Module End: F78C8000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Service Name: ---
Module Base: F7B2A000
Module End: F7B2C000
Hidden: Yes
Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: B7E43000
Module End: B7E6E000
Hidden: No
********************************************************************************
**********
********************************************************************************
**********
SSDT:
Function Name: ZwCreateKey
Address: F75E087E
Driver Base: F75E0000
Driver End: F75EF000
Driver Name: Lbd.sys
Function Name: ZwSetValueKey
Address: F75E0BFE
Driver Base: F75E0000
Driver End: F75EF000
Driver Name: Lbd.sys
********************************************************************************
**********
********************************************************************************
**********
No Kernel Hooks found
********************************************************************************
**********
********************************************************************************
**********
No IRP Hooks found
********************************************************************************
**********
********************************************************************************
**********
Ports:
Local Address: HPMCE2005:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: HPMCE2005:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING
Local Address: HPMCE2005:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING
Local Address: HPMCE2005:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING
Local Address: HPMCE2005:10080
Remote Address: LOCALHOST:1441
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: HPMCE2005:10080
Remote Address: LOCALHOST:1439
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: HPMCE2005:10080
Remote Address: LOCALHOST:1437
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: HPMCE2005:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING
Local Address: HPMCE2005:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING
Local Address: HPMCE2005:1256
Remote Address: LOCALHOST:1255
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: HPMCE2005:1255
Remote Address: LOCALHOST:1256
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: HPMCE2005:1252
Remote Address: LOCALHOST:1251
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: HPMCE2005:1251
Remote Address: LOCALHOST:1252
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: HPMCE2005:1031
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING
Local Address: HPMCE2005:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: HPMCE2005:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: HPMCE2005:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING
Local Address: HPMCE2005:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: HPMCE2005:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: HPMCE2005:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: HPMCE2005:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: HPMCE2005:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: HPMCE2005:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
Local Address: HPMCE2005:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: HPMCE2005:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA
Local Address: HPMCE2005:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA
Local Address: HPMCE2005:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA
********************************************************************************
**********
********************************************************************************
**********
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}
Status: Access denied
-
That's looking better, but can you still do the following
Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune and save it to your Desktop.
Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu
Again run Malwarebytes' Anti-Malware from the shortcut on your desktop, check for updates, run another scan and post its new log
Once again, temporarily disable AVG protection
Then, Go to the following link
Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component
Click Yes, when/if prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files. - Once the files are downloaded click on Next
- Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.
Don't forget to reenable your protection with AVG resident shield
-
???
-
I am not sure what I did...please help...I posted up all of my reports that you gave me to do...and realized I need to tell you that I did do the ATF Cleaner also, so before sending my "fast reply" I clicked edit to add a note to my reply. Now....I can't get a fast reply at all and all of my messages are jumbled and garbled up. ACK. Don't you hate dealing with newbies? I have the reports but hate to post them with all this jumbled crap in them
-
Can you use the ADD REPLY button please on the bottom right instead of Fast reply?
-
I don't see add reply. Only Fast Reply and New Topic. So I am going to try this. I did do the ATF Cleaner and below are my MWB log and below that will be my KScan log. Hope this works.
Malwarebytes' Anti-Malware 1.40
Database version: 2674
Windows 5.1.2600 Service Pack 3
8/21/2009 8:52:11 PM
mbam-log-2009-08-21 (20-52-11).txt
Scan type: Quick Scan
Objects scanned: 103239
Time elapsed: 5 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
KSCAN BELOW
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 22, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 22, 2009 04:21:40
Records in database: 2674329
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\
I:\
J:\
K:\
Scan statistics:
Objects scanned: 93025
Threats found: 8
Infected objects found: 7
Suspicious objects found: 1
Scan duration: 02:18:31
File name / Threat / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-708d1fe9 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACemmyqyrdqj.sys.vir Infected: Rootkit.Win32.Agent.moy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChnywkvlsxw.dll.vir Infected: Trojan.Win32.Tdss.ajkj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACklnxnvrlae.dll.vir Infected: Trojan.Win32.Tdss.anrc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACotqluqqrfb.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpxkjqeuwrb.dll.vir Infected: Packed.Win32.TDSS.y 1
Selected area has been scanned.
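Added example (not part of the original thread, and not code from Kaspersky or ComboFix): a short Python triage of the report above that sorts each detection by where the file sits, since copies under C:\Qoobox\Quarantine are ComboFix's inert quarantine files rather than live infections. The category rules, next-step wording and function names are assumptions made for this example; the report lines are copied from the post.

```python
import re
from typing import NamedTuple

# Statistics and result lines copied from the Kaspersky report in the post above.
REPORT = r"""
Threats found: 8
Infected objects found: 7
Suspicious objects found: 1
File name / Threat / Threats count
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-708d1fe9 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACemmyqyrdqj.sys.vir Infected: Rootkit.Win32.Agent.moy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChnywkvlsxw.dll.vir Infected: Trojan.Win32.Tdss.ajkj 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACklnxnvrlae.dll.vir Infected: Trojan.Win32.Tdss.anrc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACotqluqqrfb.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpxkjqeuwrb.dll.vir Infected: Packed.Win32.TDSS.y 1
"""

class Finding(NamedTuple):
    path: str
    verdict: str   # "Infected" or "Suspicious"
    threat: str
    count: int
    category: str

# "<path> <verdict>: <threat name> <count>"; the path may contain spaces.
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)\s*$")
STAT_RE = re.compile(
    r"^(Threats found|Infected objects found|Suspicious objects found):\s+(\d+)\s*$")

QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"   # ComboFix quarantine folder

# Assumed next steps, mirroring the actions the helper gives in this thread.
NEXT_STEP = {
    "quarantined": "inert copy in ComboFix quarantine; cleared when ComboFix is uninstalled",
    "java_cache": "clear the Java cache, then update Java",
    "mail_store": "detection inside a mail archive; delete the message in the mail client",
    "live_file": "file still in place; review and remove the program if unwanted",
}

def categorize(path):
    """Classify a detection by its location on disk (rules are assumptions)."""
    p = path.lower()
    if p.startswith(QUARANTINE_ROOT):
        return "quarantined"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    if p.endswith((".pst", ".ost", ".dbx")):
        return "mail_store"
    return "live_file"

def original_path(path):
    """Map a quarantine copy back to where the file lived.
    Layout inferred from the report: Quarantine\\<drive>\\<path>.vir"""
    if categorize(path) != "quarantined":
        return path
    drive, _, tail = path[len(QUARANTINE_ROOT):].partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"

def parse_report(text):
    """Return (header statistics, list of Finding) from a report's text."""
    stats, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = RESULT_RE.match(line)
        if m:
            findings.append(Finding(m["path"], m["verdict"], m["threat"],
                                    int(m["count"]), categorize(m["path"])))
    return stats, findings

def reconcile(stats, findings):
    """List mismatches between the header statistics and the parsed lines,
    so a truncated or hand-edited report is noticed."""
    parsed = {
        "Threats found": sum(f.count for f in findings),
        "Infected objects found": sum(f.verdict == "Infected" for f in findings),
        "Suspicious objects found": sum(f.verdict == "Suspicious" for f in findings),
    }
    return [f"{k}: header={stats.get(k)} parsed={v}"
            for k, v in parsed.items() if stats.get(k) != v]

def counts_by_category(findings):
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts

if __name__ == "__main__":
    stats, findings = parse_report(REPORT)
    for problem in reconcile(stats, findings):
        print("WARNING", problem)
    for f in findings:
        print(f"[{f.category}] {f.threat}\n    was at: {original_path(f.path)}"
              f"\n    next:   {NEXT_STEP[f.category]}")
```

Run on this report, five of the eight detections fall under the quarantine folder, leaving the Java cache entry, the Outlook archive and the AOL toolbar file as the items that still sit outside quarantine.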
-
How is everything running on your end now?
It's looking a lot better
-
It is running GOOD!! Doing what it is supposed to do!! No problem connecting on the first time. Using Firefox. Which is much better. I haven't been surfing or anything yet. Haven't been using it except to do what you tell me. But yes, my downloads and everything are going great. Thank you ever so much!!
-
Let's do a bit of cleaning up
Go to START>>in the search field type in run
Hit Enter
In the run command, copy and paste the following
combofix /u
Hit Enter, this will uninstall ComboFix and its components
Let's update Sun Java, Adobe Reader, and Adobe Flash, to help plug some security holes that malware can use to infect your computer
Open Control Panel, In Classic view, open the Java icon
and select Settings under Temporary files>>then Delete files, when complete close Java
access Programs and Features
At this point close All Browser windows that are open
Uninstall the following:
Java™ 6 Update 13
Java™ 6 Update 7
Adobe Reader 7.0.9
After removal, open your browser and come back here
Go to the following link
http://kb2.adobe.com/cps/141/tn_14157.html
Download and save to desktop the uninstaller for Flash
uninstall_flash_player.exe
Once saved to desktop, again close all browser windows
Right click on the Flash uninstaller and choose to "Run as Administrator"
After successfully running the uninstaller, you can manually delete it from desktop
Right click on the Hijackthis shortcut and "Run as Admin"
Do a "System scan only" with Hijackthis and put a check next to these entries:
O2 - BHO: (no name) - {8FD66659-A7AF-4641-9999-C56607D3A0AB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Right click on OTL.exe, choose to "Run as Admin"
Click on the Cleanup button and follow the prompts
This will help to remove tools that we used and remove OTL itself
Allow to reboot the computer at the prompt
Back in Windows
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 (http://java.sun.com/javase/downloads/index.jsp).
- Scroll down to where it says "JRE 6 Update 16".
- Click the "Download" button to the right.
- In the Window that opens, select Windows, beside PLATFORM:>>Check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Then from your desktop right-click on jre-6u16-windows-i586.exe that you downloaded, choose "Run as Admin" to install the newest version.
NOTE: Java may install a Quick Starter service to run on startup which is really not needed
After installation, simply open the Java icon in Control Panel
Under Advanced tab, expand Miscellaneous, untick "Java Quick Starter" if selected
Apply and Ok it, then exit the Java control panel
You can delete the Java installer after successful installation
Update your Flash, using Internet Explorer
go to the following link
http://www.adobe.com/products/flashplayer/
Allow ActiveX control install when prompted
DO NOT install any Toolbar related software, unless preferred
UNTICK the selection to install any
After you have updated Flash for IE
Then install Flash for Firefox
Using the Firefox browser, again go to the following link
http://www.adobe.com/products/flashplayer/
Download/save to desktop the Flash installer
Close Firefox
Run the installer to install latest flash
Update Adobe Reader
Go to the following link
http://get.adobe.com/reader/
Download and Install the latest
NOTE: When installing, if you have the option to untick any Toolbars, etc.. they may add to the installer
Choose NOT to install any, they are not needed for the A. Reader to function properly
That really goes with any free software, if a toolbar is not needed or wanted, why install it
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
At the link you can read more about it then continue with
Free Download on the right>>Continue Download at next page
Basically it *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection
You may have an old email with attachment that is infected, carefully go through any emails
in Outlook and remove any you are unsure about, clear your deleted items folder
After all the above is complete
Can you again Right click on Hijackthis and choose to "Run as Admin">>Select to do a System Scan and Save logfile and post back here the new log that opens
-
HI again Cingal08
In my last reply I asked you to run many of the tools by Right clicking on them and choosing to "Run as Administrator"
You can ignore that step, just double click on them to run them
For some reason, I had in my mind you were running Vista, just noticed you have XP SP3
Sorry if there was any confusion
-
Hi, I'm back. I completed all of the above successfully. The only thing I didn't find was a couple of the check marks in the first HJ This. There were a couple of the files already gone. Hoping they were already cleaned? I am posting the HJT log I completed after everything was finished. I do not see those files in the current HJT log either.
I wanted to ask you since we are cleaning things up....can I get rid of the Ad-Aware? It appears to be useless. And anything else you think could be possibly useless, harmful or risky, I will ditch. Just let me know. Thanks a million.
Cindy
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:36 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = actsvr.comcastonline.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119489249703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140026350671
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10148 bytes
-
Can I get rid of the Ad-Aware?
Yes you can. Personally I haven't used it in a while; your choice
Be sure to reboot the computer after removal
Back in Windows
To help speed startup time and save resources, optionally do the following
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
You can manually check for updates within Adobe Reader under the HELP menu
Also, you can select Preferences and decide when to have Adobe check for updates
Weekly or Monthly, or not at all, and manually check
Note: After installing the newer version of Adobe, it's a good idea to double check to see if there are still more updates manually in the Help menu
You may also want to disable entries related to HP Updater and manually check for updates yourself
From your Start>>All Programs menu
You can optionally tick the next entries
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
After you have ticked any of the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Take a look at the following link for more ideas
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
Hope that helps
:)
-
Hi questolo
I did all you requested. I went to the link and did some of the clean ups suggested. I still have some programs on this computer that I am unsure of what they are or if I need them. So I will go through them and ditch the ones I don't need. That may take a little bit of time. But the long and short of it...the computer is running GREAT!!!! So...anything else you can offer? Thank you ever so much for everything!!
-
I think everything should be running good if you followed my last link
How is everything running? If good, I'll lock this topic