Need help removing virus.


#1
eightoheight (New Member)

I have a really bad virus on my computer. It won't let me browse the internet with Firefox and every time I open anything a new process, kit.exe, starts. I'm able to end it but it eventually comes back in multiples if I do.

I read a few forums but can't find anything that actually helps me (mostly because I can't understand what's being said - I'm not a "techie"), so I was wondering if anyone here could help me out.

I ran a few scans and below are the logs. The virus wouldn't let me run ComboFix. I could download it but the .exe file got changed to a different name in the process and when they told me to change the name back (a message popped up) the virus started 12 new processes and shut my system down. It did the same thing with Malwarebytes' Anti-Malware. As for Kaspersky, it scanned for about two hours, was at 75% then fell down to 12% and got stuck there for another 2 hours so I couldn't do a scan on there.



NoMD5:


NoMD5Sys by jpshortstuff (29.10.09.1)
Log created at 23:26 on 28/03/2011 (Compaq_Owner)


-=E.O.F=-


Done!





HijackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:51 PM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Easy Dock] C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\My Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
O4 - HKCU\..\Run: [kchktphm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\jphgxmyue\kfpsqgssika.exe
O4 - HKCU\..\Run: [tliimboh] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kimckdjsp\vnnjwnfsika.exe
O4 - HKCU\..\Run: [ylmglgmc] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kejmdvbvt\tpmubtgsika.exe
O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'Default user')
O8 - Extra context menu item: Download all by RedTube Grabber - C:\Program Files\RedTubeGrabber\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\RedTubeGrabber\downlink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8085 bytes

#2
RKinner (Malware Expert, MVP)

Boot into Safe Mode: Reboot and when you hear the beep, see the maker's logo or it mentions F8, start slowly tapping the F8 key. Keep tapping until you see the Safe Mode menu. Choose the top option (Safe Mode). Log on with your usual logon. Run HijackThis again, Scan Only, and then check the following and Fix Checked.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
O4 - HKCU\..\Run: [kchktphm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\jphgxmyue\kfpsqgssika.exe
O4 - HKCU\..\Run: [tliimboh] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kimckdjsp\vnnjwnfsika.exe
O4 - HKCU\..\Run: [ylmglgmc] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kejmdvbvt\tpmubtgsika.exe
O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'Default user')
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)

Boot back into regular mode. See if you can download OTL and run it per our instructions:
http://www.geekstogo...uide-t2852.html
Copy and Paste the logs into your reply.

If you still can't get OTL then run HijackThis again and post its log.

Ron
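
The triage behind the "Fix checked" list above, written out as detection logic over the posted log lines. This is an added example, not HijackThis code and not part of the forum's instructions; the sample lines are copied from the HijackThis log in post #1, and the three heuristics (loopback proxy, autorun from a Temp directory, Winlogon Notify DLL missing) are my reading of why those lines were selected.

```python
"""Triage of HijackThis v2.x log lines.

Encodes the reasoning behind the "Fix checked" list in post #2 as checks:
  * R1 ProxyServer pointing at loopback: browser traffic is routed through
    a local process (127.0.0.1:18810 in the log above);
  * O4 Run entry whose executable lives under a Temp directory;
  * O20 Winlogon Notify entry whose DLL is reported "(file missing)".
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus
# some of its benign entries so the "not flagged" path is exercised too.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:18810
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [quosbhhm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kftsxsyut\tifbdvtsika.exe
O4 - HKCU\..\Run: [kchktphm] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\jphgxmyue\kfpsqgssika.exe
O4 - HKCU\..\Run: [tliimboh] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kimckdjsp\vnnjwnfsika.exe
O4 - HKCU\..\Run: [ylmglgmc] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\kejmdvbvt\tpmubtgsika.exe
O4 - HKUS\S-1-5-18\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CE8SIIFGSU] C:\WINDOWS\TEMP\Ske.exe (User 'Default user')
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
NOTIFY_MISSING_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?) \(file missing\)$"
)
TEMP_DIRS = {"temp", "tmp"}


@dataclass
class Finding:
    line: str    # the HijackThis line, verbatim, ready to tick under "Scan Only"
    reason: str  # why it was flagged


def is_loopback_proxy(value: str) -> bool:
    """True if any entry in 'http=host:port;https=host:port' points at loopback."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
        host = host.strip("[]")  # bracketed IPv6 literal
        if host.lower() == "localhost":
            return True
        try:
            if ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:
            continue  # a hostname, not an address
    return False


def executable_path(cmd: str) -> str:
    """Strip arguments from a Run command: a quoted path, or up to the first '.exe'."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def runs_from_temp(cmd: str) -> bool:
    """True if the command's executable sits inside a Temp or Tmp directory."""
    segments = executable_path(cmd).lower().split("\\")
    return any(seg in TEMP_DIRS for seg in segments[:-1])


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious lines of a HijackThis log with the reason for each."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.rstrip()
        if (m := PROXY_RE.match(line)) and is_loopback_proxy(m["proxy"]):
            findings.append(Finding(line, "browser proxy points at a local process"))
        elif (m := RUN_RE.match(line)) and runs_from_temp(m["cmd"]):
            findings.append(Finding(line, f"autorun [{m['name']}] launches from a Temp directory"))
        elif NOTIFY_MISSING_RE.match(line):
            findings.append(Finding(line, "Winlogon Notify DLL is missing (orphaned load point)"))
    return findings


def fix_list(log_text: str) -> list[str]:
    """Just the lines to tick in HijackThis before pressing 'Fix checked'."""
    return [f.line for f in triage(log_text)]
```

Run against the sample it returns exactly the eight lines listed in post #2 and none of the HP, QuickTime, ctfmon or Bonjour entries.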

#3
eightoheight (Topic Starter)

Ok, I will do this as soon as I can. I'm lucky that I'm able to be on right now. It keeps shutting down on me. After ten minutes my computer just won't let me do anything. It's basically freezing but I'm still able to move my mouse around and whatnot.

I WILL get to this and respond though. Please don't close this thread. :)

#4
eightoheight (Topic Starter)

I couldn't boot in safe mode. I got to the menu and selected it but it just froze on a list of system files. I don't think it's the virus since it wouldn't have a chance to start up yet (at least I think so), so I don't know what's going on.

#5
RKinner (Malware Expert, MVP)

Then try and do it in regular mode.

#6
eightoheight (Topic Starter)

OTL logfile created on: 3/31/2011 12:26:24 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 62.31% Memory free
3.29 Gb Paging File | 2.95 Gb Available in Paging File | 89.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.02 Gb Total Space | 8.53 Gb Free Space | 12.54% Space Free | Partition Type: NTFS
Drive D: | 69.86 Gb Total Space | 22.13 Gb Free Space | 31.68% Space Free | Partition Type: NTFS
Drive E: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.34% Space Free | Partition Type: FAT32

Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/31 12:24:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/10 14:50:42 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2005/01/23 23:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/31 12:24:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
MOD - [2010/08/23 06:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)


========== Driver Services (SafeList) ==========

DRV - [2011/03/27 20:40:21 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2005/06/07 19:44:36 | 001,235,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 08:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/14 18:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 11:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 08:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/25 03:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 12:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:11.2.9.1
FF - prefs.js..extensions.enabledItems: hotmailwatcher@sonthakit:1.34
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/03/06 18:40:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 21:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 21:39:32 | 000,000,000 | ---D | M]

[2010/12/16 07:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Extensions
[2011/03/28 21:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions
[2011/02/27 00:56:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/03/28 21:38:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 11:43:14 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/12/21 21:20:16 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/12/21 21:12:47 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2011/03/05 08:17:16 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/03/13 11:43:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/03/05 08:17:18 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/02/28 11:14:14 | 000,000,000 | ---D | M] (fusionloader) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/03/17 23:00:27 | 000,000,000 | ---D | M] (Hotmail Watcher) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\hotmailwatcher@sonthakit
[2011/03/28 21:44:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/19 14:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/24 05:41:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/24 05:41:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/24 05:41:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivX Download Manager] File not found
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [Easy Dock] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 19:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 03:39:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/02/14 12:44:42 | 000,000,090 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{2a284012-0e7f-11e0-9baa-0013d4ba4ad9}\Shell - "" = AutoRun
O33 - MountPoints2\{2a284012-0e7f-11e0-9baa-0013d4ba4ad9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a284012-0e7f-11e0-9baa-0013d4ba4ad9}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{c61457bf-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell - "" = AutoRun
O33 - MountPoints2\{c61457bf-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c61457bf-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c61457c0-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/03/31 12:24:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
[2011/03/31 08:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\lifescirclephpbb
[2011/03/30 16:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\RK_Quarantine
[2011/03/29 09:48:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\com
[2011/03/28 23:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/28 23:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Start Menu\Programs\HiJackThis
[2011/03/28 23:33:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/28 23:11:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/03/28 21:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/28 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/03/28 02:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/03/28 01:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\ConsumerSoft
[2011/03/28 00:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/27 21:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/27 20:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\SlimWare Utilities Inc
[2011/03/27 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/03/27 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent
[2011/03/27 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2011/03/27 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Sony Corporation
[2011/03/27 15:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/03/27 15:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/03/27 15:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/03/27 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\ahead
[2011/03/27 15:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\SampleView
[2011/03/27 15:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\OpenCandy
[2011/03/27 15:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Aspell
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Method Solutions
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Estsoft
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\diledmbc
[2011/03/27 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/03/27 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/27 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\115D
[2011/03/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011/03/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/27 15:35:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/03/27 15:35:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/03/27 15:33:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/03/27 15:33:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/03/25 15:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/03/12 04:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\TechSmith
[2011/03/12 04:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/03/06 20:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\Iceni
[2011/03/06 18:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/03/06 18:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\HP
[2011/03/06 18:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

========== Files - Modified Within 30 Days ==========

[2011/03/31 12:24:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
[2011/03/31 12:23:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/31 12:11:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/03/31 04:56:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 04:56:26 | 1541,984,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/31 04:02:40 | 000,015,106 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/31 04:02:40 | 000,015,106 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/31 03:04:27 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/31 02:38:00 | 000,800,411 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\lifescir_db.sql.gz
[2011/03/30 12:07:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/03/29 00:52:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 21:27:43 | 000,215,334 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
[2011/03/28 19:43:48 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 16:38:28 | 001,862,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/28 15:48:46 | 000,471,824 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 15:48:46 | 000,082,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/28 00:00:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/27 20:40:21 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/03/23 11:11:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Ÿ9Ÿ9
[2011/03/10 17:35:01 | 000,004,870 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/10 17:35:01 | 000,004,870 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/06 18:56:37 | 000,165,413 | ---- | M] () -- C:\WINDOWS\hpoins29.dat
[2011/03/06 18:42:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/03/01 21:22:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/03/31 02:37:58 | 000,800,411 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\lifescir_db.sql.gz
[2011/03/30 12:07:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/03/28 21:27:44 | 000,015,106 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/28 21:27:44 | 000,015,106 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/28 21:27:43 | 000,215,334 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
[2011/03/28 11:19:30 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/28 00:00:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/27 20:56:03 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/03/10 17:32:01 | 000,004,870 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/10 17:32:01 | 000,004,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/06 18:46:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Ÿ9Ÿ9
[2011/03/01 21:22:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\wklnhst.dat
[2011/02/11 19:49:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/11 02:27:23 | 000,163,161 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011/01/11 02:27:23 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2011/01/11 02:21:32 | 000,165,413 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2011/01/11 02:21:32 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2010/12/29 09:35:45 | 000,033,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/27 20:35:42 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 07:43:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/10/02 06:51:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\tc7.exe
[2010/08/16 09:21:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\bawuho.dat
[2010/07/30 08:23:42 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\ranmiq.dat
[2010/07/29 19:49:16 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ranmiq.dat
[2010/05/31 20:50:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/05/25 22:04:29 | 000,001,460 | ---- | C] () -- C:\WINDOWS\XMailer.INI
[2010/05/12 17:30:32 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/29 16:21:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/12 09:53:03 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wjD74Y8.dat
[2010/04/08 18:36:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6e6301sD6p
[2010/04/06 10:30:23 | 000,001,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/05 13:09:01 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1331231679
[2010/04/04 20:53:42 | 000,015,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
[2009/08/25 21:14:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/08/25 21:14:53 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/08/25 21:14:53 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/02/24 01:44:19 | 000,024,927 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2008/11/19 17:13:56 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/10/15 02:24:49 | 000,006,144 | ---- | C] () -- C:\WINDOWS\karna.dat
[2008/10/15 02:23:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\userconfig9x.dll
[2008/10/15 02:23:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\FVProtect.exe
[2008/10/15 02:23:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\iTunesMusic.exe
[2008/10/15 02:23:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\winsystem.exe
[2008/10/15 02:23:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\mssecu.exe
[2008/10/15 02:23:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\bdn.com
[2007/06/13 00:47:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2007/06/13 00:47:01 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2007/06/01 13:16:35 | 000,000,134 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/08/20 06:50:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2006/06/27 23:20:08 | 000,000,339 | ---- | C] () -- C:\WINDOWS\Proxyrama.INI
[2006/06/11 13:04:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2006/04/28 10:59:57 | 000,000,166 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2006/03/11 18:01:36 | 000,004,257 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/04 13:47:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/26 15:57:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/11/16 15:55:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/16 15:55:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/10 13:18:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/10 12:39:31 | 000,068,900 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2005/11/10 12:39:29 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2005/11/09 23:30:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/09 01:07:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 00:39:44 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/08/09 00:38:40 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/09 00:38:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/09 00:36:10 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/09 00:32:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 00:26:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 00:26:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 00:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 00:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 00:26:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 00:26:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 00:19:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/09 00:14:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/09 00:11:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/09 00:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/09 00:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/09 00:11:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/09 00:10:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/08/09 00:10:13 | 000,094,574 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/08 23:59:10 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/08 23:54:55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/06/24 20:29:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/24 19:43:44 | 000,471,824 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/24 19:43:44 | 000,082,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/24 19:42:06 | 001,862,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/24 19:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/24 19:30:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/09 20:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 02:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 02:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 19:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/23 13:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== LOP Check ==========

[2011/03/27 15:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\115D
[2011/03/27 15:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\diledmbc
[2011/03/27 15:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/27 15:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Method Solutions
[2011/03/27 15:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/03/27 21:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/27 15:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/03/28 21:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/27 15:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/27 15:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/28 01:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\ConsumerSoft
[2011/03/31 11:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\FileZilla
[2011/03/27 15:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\FrostWire
[2011/01/10 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Local
[2011/03/27 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\OpenCandy
[2011/01/28 22:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\OpenOffice.org
[2011/03/27 15:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\SampleView
[2011/02/11 21:31:24 | 000,000,294 | -H-- | M] () -- C:\WINDOWS\Tasks\aa38526e.job
[2011/02/11 23:42:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/03/31 12:23:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/31 12:11:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1

< End of report >
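The O35/O37 lines in the log above are the mechanism behind "every time I open anything a new process, kit.exe, starts": the per-user (HKCU) exefile handler has been pointed at kit.exe with the real program handed over as an argument, and HKCU\Software\Classes takes precedence over HKLM\Software\Classes in the merged HKEY_CLASSES_ROOT view, so the machine-wide handler still reads as the stock `"%1" %*`. The Python below is an added example written for this thread; it is not code from the original post, from OTL, or from the helper. It parses the O35/O37 lines copied from the log and flags any handler whose command is not the built-in default. The regexes are this example's own reading of OTL's line format, and the registry paths it reports are the standard Software\Classes layout, not something OTL itself prints.

```python
"""Flag hijacked file-association handlers in OTL O35/O37 log lines.

Added example written for this thread; it is not part of the original post
and not OTL's own code. On Windows the merged HKEY_CLASSES_ROOT view gives
HKCU\\Software\\Classes precedence over HKLM\\Software\\Classes, so a per-user
exefile\\shell\\open\\command entry such as the kit.exe one in the log above
intercepts every .exe launch while the machine-wide handler still looks
clean. The regexes below are this example's own reading of the OTL line
format, not a specification; SAMPLE_OTL_LINES is copied from the log posted
in this thread.
"""
import re

# Built-in handlers for the two classes OTL reports under O35/O37.
DEFAULT_COMMANDS = {"exefile": '"%1" %*', "comfile": '"%1" %*'}

# O35 - HKCU\..exefile [open] -- "<launcher>" -a "%1" %* ()
O35_RE = re.compile(r'^O35 - (HKLM|HKCU)\\\.\.(\w+) \[open\] -- (.*?)(?: \(\))?$')
# O37 - HKCU\...exe [@ = exefile] -- "<launcher>" -a "%1" %* ()
O37_RE = re.compile(r'^O37 - (HKLM|HKCU)\\\.\.\.(\w+) \[@ = (\w+)\] -- (.*?)(?: \(\))?$')


def parse_entry(line):
    """Parse one O35/O37 line into a dict, or return None for anything else."""
    m = O35_RE.match(line.strip())
    if m:
        return {"kind": "O35", "hive": m.group(1), "class": m.group(2),
                "extension": None, "command": m.group(3).strip()}
    m = O37_RE.match(line.strip())
    if m:
        return {"kind": "O37", "hive": m.group(1), "class": m.group(3),
                "extension": "." + m.group(2), "command": m.group(4).strip()}
    return None


def launcher_path(command):
    """First quoted token of a non-default command: the interposed binary."""
    m = re.match(r'"([^"]+)"', command)
    return m.group(1) if m else command.split()[0]


def registry_key(entry):
    """Key behind an OTL entry, assuming the standard Software\\Classes layout."""
    base = entry["hive"] + r"\Software\Classes"
    if entry["kind"] == "O35":
        return base + "\\" + entry["class"] + r"\shell\open\command"
    return base + "\\" + entry["extension"]


def find_hijacks(lines):
    """Return O35/O37 entries whose command deviates from the built-in default."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        expected = DEFAULT_COMMANDS.get(entry["class"])
        if expected is not None and entry["command"] != expected:
            entry["launcher"] = launcher_path(entry["command"])
            # A per-user override shadows the HKLM handler in the merged HKCR view.
            entry["shadows_hklm"] = entry["hive"] == "HKCU"
            entry["key"] = registry_key(entry)
            findings.append(entry)
    return findings


# Lines copied from the OTL log posted above (O35/O37 section).
SAMPLE_OTL_LINES = [
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()',
    r'O37 - HKLM\...com [@ = comfile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()',
]

if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_OTL_LINES):
        print(f"{f['kind']} {f['hive']} {f['class']}: {f['launcher']}")
        print(f"    override lives at {f['key']}; shadows HKLM: {f['shadows_hklm']}")
```

Run against the posted lines it reports only the two HKCU entries, both resolving to kit.exe, while the HKLM handlers pass as default. That is why renaming a repair tool does not help while the override is in place: any .exe the user launches is still started through kit.exe, which matches the poster's description of ComboFix and Malwarebytes being intercepted.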

#7
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
eightoheight,

You have started 8 topics in 8 different forums for this identical problem. If you wish to receive help here from rkinner, I will kindly ask you to stick with this topic only. It will only make his job more difficult if you're following instructions from different people at different sites, and it's a waste of his time if you don't stick with this topic. I can assure you that if you follow his instructions completely, he will be able to take care of your issue. Thank you for your cooperation in this matter.

sari

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:Services
HidServ
AppMgmt

:OTL
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6
[2011/03/13 11:43:14 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/03/13 11:43:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/03/05 08:17:18 | 000,000,000 | ---D | M] (شريط أدوات فيس بوك) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2010/05/19 14:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/24 05:41:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [DivX Download Manager] File not found
O4 - HKCU..\Run: [Easy Dock] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O32 - AutoRun File - [2006/02/14 12:44:42 | 000,000,090 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\{2a284012-0e7f-11e0-9baa-0013d4ba4ad9}\Shell - "" = AutoRun
O33 - MountPoints2\{2a284012-0e7f-11e0-9baa-0013d4ba4ad9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a284012-0e7f-11e0-9baa-0013d4ba4ad9}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\{c61457bf-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell - "" = AutoRun
O33 - MountPoints2\{c61457bf-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c61457bf-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c61457c0-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun\command - "" = setupSNK.exe
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
[2011/03/31 12:23:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/31 12:11:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/03/31 04:02:40 | 000,015,106 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/31 04:02:40 | 000,015,106 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/30 12:07:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/03/28 21:27:43 | 000,215,334 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
[2011/03/23 11:11:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Ÿ9Ÿ9
[2011/03/10 17:35:01 | 000,004,870 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/10 17:35:01 | 000,004,870 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2010/10/02 06:51:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\tc7.exe
[2010/08/16 09:21:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\bawuho.dat
[2010/07/30 08:23:42 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\ranmiq.dat
[2010/07/29 19:49:16 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ranmiq.dat
[2010/05/12 17:30:32 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/12 09:53:03 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wjD74Y8.dat
[2010/04/08 18:36:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6e6301sD6p
[2010/04/06 10:30:23 | 000,001,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/05 13:09:01 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1331231679
[2010/04/04 20:53:42 | 000,015,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W

:files
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\*.exe
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]


Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

I don't see an anti-virus.

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on Boot-Time Scan then Settings. Change the Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.

Ron
  • 0
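The O35/O37 lines in the fix above are the part of the log that explains the symptom in the first post: the per-user (HKCU) association for .exe files has been rewritten so that kit.exe, sitting in Local Settings\Application Data, is started first and handed the real program as an argument. On a stock install that "open" verb is just "%1" %*. The Python script below is an added example, not part of this thread or of OTL, that scans OTL log lines for exactly that pattern: an .exe association defined under HKCU at all, a launch command that is not the stock one, and a handler living in a user profile directory. It assumes only the line shapes visible in the logs posted here; the sample lines are copied from this thread, with one constructed stock HKLM line added to show that clean entries are not flagged.

```python
"""
Spot hijacked .exe file associations in OTL log lines.

On a stock Windows install the exefile "open" verb is just  "%1" %*  (the
program itself plus its arguments).  Malware that wants to run on every
program launch rewrites that verb, usually only under HKCU where no admin
rights are needed, so that its own binary runs first and is handed the real
program as an argument.  OTL reports that in its O35/O37 lines and in the
Extras "File Associations" section; this parser flags those lines.
"""
import re
from dataclasses import dataclass, field

CLEAN_EXEFILE_OPEN = '"%1" %*'

# Hive headers in the Extras log, e.g. [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
HIVE_HEADER = re.compile(r'^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\')

# O35/O37 lines and Extras association lines share one shape:
#   <prefix> [<verb>] -- <command> (<company>)
ASSOC_LINE = re.compile(
    r'^(?P<prefix>O3[57] - HK\w+\\\S+|\.\w+|\w+)'
    r' \[(?P<verb>[^\]]+)\]'
    r' -- (?P<cmd>.*?)'
    r'(?: \((?P<company>[^()]*)\))?\s*$'
)

# Profile locations a legitimate exefile handler has no business living in.
USER_PROFILE_DIRS = ('\\application data\\', '\\local settings\\', '\\temp\\')


@dataclass
class Finding:
    line: str
    interposer: str                  # command text left once "%1" %* is removed
    reasons: list = field(default_factory=list)


def _defines_exe_launch(prefix: str, verb: str) -> bool:
    """True for lines that decide how .exe files are started."""
    p, v = prefix.lower(), verb.lower()
    return 'exefile' in p or 'exefile' in v or p == '.exe'


def handler_path(interposer: str) -> str:
    """Path of the program that really runs, without quotes or extra arguments."""
    if interposer.startswith('"'):
        return interposer[1:interposer.index('"', 1)]
    return interposer


def analyze(lines):
    """Return a Finding for every .exe association line that is not stock."""
    findings, hive = [], None
    for raw in lines:
        line = raw.strip()
        header = HIVE_HEADER.match(line)
        if header:
            hive = 'HKCU' if header.group(1) == 'HKEY_CURRENT_USER' else 'HKLM'
            continue
        m = ASSOC_LINE.match(line)
        if not m or not _defines_exe_launch(m['prefix'], m['verb']):
            continue
        # O35/O37 lines carry their hive inline; Extras lines inherit the last header.
        if m['prefix'].startswith('O3'):
            line_hive = m['prefix'].split(' - ')[1].split('\\')[0]
        else:
            line_hive = hive
        interposer = m['cmd'].replace(CLEAN_EXEFILE_OPEN, '').strip()
        reasons = []
        if line_hive == 'HKCU':
            reasons.append('per-user (HKCU) .exe association shadows the machine-wide one')
        if interposer:
            reasons.append(f'launch command is not the stock {CLEAN_EXEFILE_OPEN}')
            if any(d in interposer.lower() for d in USER_PROFILE_DIRS):
                reasons.append('handler lives in a user profile directory')
        if reasons:
            findings.append(Finding(line, interposer, reasons))
    return findings


# Lines copied from the OTL output posted in this thread, plus one stock
# HKLM exefile line (constructed) to show that clean entries are not flagged.
SAMPLE_LOG = r'''
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
batfile [open] -- "%1" %*
'''.strip().splitlines()

if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f.line[:60] + '...')
        for r in f.reasons:
            print('   -', r)
    print('interposed handlers:', {handler_path(f.interposer) for f in analyze(SAMPLE_LOG)})
```

Run against the sample, it reports the O35 line, the O37 line and the HKCU .exe association, all three resolving to the same kit.exe path, and stays silent on the HKLM exefile and batfile entries. The same check works on any OTL or OTL Extras log: feed it the file's lines, and anything it returns is an association worth restoring to the stock "%1" %* before trusting what happens when an .exe is double-clicked.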

#9
eightoheight (Topic Starter)
I copied and pasted that into OTL. Is it supposed to freeze? It froze and I keep getting a pop up that says, "Exception Processing Message c00000a3 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c".

#10
RKinner (Malware Expert)
No it's not supposed to freeze but go on with the rest of the procedure and let's see if anything will work.

Ron

#11
eightoheight (Topic Starter)
My comp. keeps shutting down so I have to do the steps in bits and pieces.

Here are the two logs:

OTL Extras logfile created on: 3/31/2011 6:04:30 PM - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.44 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 57.92% Memory free
3.29 Gb Paging File | 2.87 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.02 Gb Total Space | 8.62 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive D: | 69.86 Gb Total Space | 22.13 Gb Free Space | 31.68% Space Free | Partition Type: NTFS
Drive E: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.34% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe ()
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe  1.4.31.1
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{276E3ECB-E9E9-494E-A3F9-173BAD7D9643}" = C4400
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4CC59DA1-469B-49A5-9F6B-C4D26990294A}" = PS_AIO_03_C4400_ProductContext
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3FEF2D-0E14-412E-869C-421AB373EE43}" = C4400_Help
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver Software 11.0 Rel .3
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACECB7C-5EB2-42B3-A2E1-B91878B6C5D7}" = PS_AIO_03_C4400_Software
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"ATI Display Driver" = ATI Display Driver
"Compaq Game Console" = Compaq Game Console and games
"FrostWire" = FrostWire 4.21.3
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"HPOOVClient-5577497 Uninstaller" = Compaq Connections (remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"Shop for HP Supplies" = Shop for HP Supplies
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.5.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/10/2011 3:03:58 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application vnnjwnfsika.exe, version 1.0.0.1, faulting module
 user32.dll, version 5.1.2600.5512, fault address 0x000342dd.
 
Error - 3/11/2011 3:16:36 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application vnnjwnfsika.exe, version 1.0.0.1, faulting module
 user32.dll, version 5.1.2600.5512, fault address 0x000342dd.
 
Error - 3/12/2011 10:36:49 AM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1005
Description = Windows cannot access the file F:\QtGui4.dll for one of the following
 reasons: there is a problem with the network connection, the disk that the file
 is stored on, or the storage drivers installed on this computer; or the disk is
 missing. Windows closed the program C++ application development framework. because
 of this error. Program: C++ application development framework. File: F:\QtGui4.dll
 The error value is listed in the Additional Data section. User Action 1. Open the file
 again. This situation might be a temporary problem that corrects itself when the
 program runs again. 2. If the file still cannot be accessed and - It is on the network,
 your network administrator should verify that there is not a problem with the network
 and that the server can be contacted. - It is on a removable disk, for example,
 a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
 and then press ENTER. 4. If the problem persists, restore the file from a backup
 copy. 5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for further assistance. Additional Data Error value: C0000013 Disk
 type: 5
 
Error - 3/12/2011 10:36:57 AM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application PhotoApp.exe, version 2.3.0.502, faulting module
 ntdll.dll, version 5.1.2600.5755, fault address 0x000500b6.
 
Error - 3/12/2011 11:35:27 AM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application camtasiastudio.exe, version 7.1.0.1631, faulting
 module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036fa3.
 
Error - 3/12/2011 11:35:30 AM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application camtasiastudio.exe, version 7.1.0.1631, faulting
 module ntdll.dll, version 5.1.2600.5755, fault address 0x000449cf.
 
Error - 3/12/2011 12:42:56 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application camtasiastudio.exe, version 7.1.0.1631, faulting
 module camtasiastudio.exe, version 7.1.0.1631, fault address 0x00374ff0.
 
Error - 3/12/2011 12:42:58 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application camtasiastudio.exe, version 7.1.0.1631, faulting
 module ntdll.dll, version 5.1.2600.5755, fault address 0x000449cf.
 
Error - 3/12/2011 1:16:02 PM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4095, faulting
 module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
 
Error - 3/13/2011 11:08:09 AM | Computer Name = YOUR-27E1513D96 | Source = Application Error | ID = 1000
Description = Faulting application kfpsqgssika.exe, version 1.0.0.1, faulting module
 user32.dll, version 5.1.2600.5512, fault address 0x000342dd.
 
[ System Events ]
Error - 3/30/2011 10:01:21 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 3/31/2011 6:38:04 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 3/31/2011 6:38:46 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 3/31/2011 6:59:20 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 2 time(s).
 
Error - 3/31/2011 9:03:32 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 3/31/2011 10:58:17 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 3/31/2011 10:58:21 AM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 3/31/2011 8:06:34 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 3/31/2011 8:47:03 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.
 
Error - 3/31/2011 9:07:14 PM | Computer Name = YOUR-27E1513D96 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly.  It has done this
 1 time(s).
 
 
< End of report >


OTL logfile created on: 3/31/2011 6:03:49 PM - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.44 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 57.92% Memory free
3.29 Gb Paging File | 2.87 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.02 Gb Total Space | 8.62 Gb Free Space | 12.68% Space Free | Partition Type: NTFS
Drive D: | 69.86 Gb Total Space | 22.13 Gb Free Space | 31.68% Space Free | Partition Type: NTFS
Drive E: | 6.50 Gb Total Space | 1.19 Gb Free Space | 18.34% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-27E1513D96 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/31 12:24:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/09 00:02:53 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2005/05/10 14:50:42 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2005/01/23 23:56:00 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/31 12:24:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
MOD - [2010/08/23 06:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/03/27 20:40:21 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2005/06/07 19:44:36 | 001,235,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/04/20 08:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/14 18:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 11:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 08:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/01/25 03:56:00 | 000,923,863 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/03 19:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 12:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.8.0
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: [email protected]:11.2.9.1
FF - prefs.js..extensions.enabledItems: hotmailwatcher@sonthakit:1.34
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {e7348bc0-16f6-11de-8c30-0800200c9a66}:3.6.19.02.10
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011/03/06 18:40:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 21:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/28 21:39:32 | 000,000,000 | ---D | M]
 
[2010/12/16 07:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Extensions
[2011/03/31 15:04:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions
[2011/02/27 00:56:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/03/28 21:38:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/21 21:20:16 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/12/21 21:12:47 | 000,000,000 | ---D | M] (Pink Fox) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
[2011/03/05 08:17:16 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/02/28 11:14:14 | 000,000,000 | ---D | M] (fusionloader) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\[email protected]
[2011/03/17 23:00:27 | 000,000,000 | ---D | M] (Hotmail Watcher) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Mozilla\Firefox\Profiles\tcqi0o5i.default\extensions\hotmailwatcher@sonthakit
[2011/03/31 15:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER.YOUR-27E1513D96.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\TCQI0O5I.DEFAULT\EXTENSIONS\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER.YOUR-27E1513D96.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\TCQI0O5I.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER.YOUR-27E1513D96.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\TCQI0O5I.DEFAULT\EXTENSIONS\[email protected]
[2010/12/24 05:41:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/24 05:41:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
Hosts file not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/24 19:32:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 03:39:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{c61457c0-0dc0-11e0-9ba6-0013d4ba4ad9}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/03/31 15:04:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/31 12:24:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
[2011/03/31 08:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\lifescirclephpbb
[2011/03/29 09:48:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/03/29 02:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\com
[2011/03/28 23:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/28 23:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Start Menu\Programs\HiJackThis
[2011/03/28 23:33:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/28 23:11:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/03/28 21:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/28 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/03/28 09:47:46 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/03/28 09:47:46 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/03/28 02:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/03/28 01:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\ConsumerSoft
[2011/03/28 00:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/27 21:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/03/27 20:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\SlimWare Utilities Inc
[2011/03/27 15:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2011/03/27 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\WildTangent
[2011/03/27 15:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstall Information
[2011/03/27 15:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Sony Corporation
[2011/03/27 15:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2011/03/27 15:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011/03/27 15:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/03/27 15:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\ahead
[2011/03/27 15:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\SampleView
[2011/03/27 15:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\OpenCandy
[2011/03/27 15:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Aspell
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Method Solutions
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Estsoft
[2011/03/27 15:37:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\diledmbc
[2011/03/27 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/03/27 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/03/27 15:36:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\115D
[2011/03/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2011/03/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/03/27 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/27 15:35:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/03/27 15:35:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/03/27 15:33:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/03/27 15:33:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/03/25 15:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/03/12 04:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\TechSmith
[2011/03/12 04:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2011/03/06 20:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\Iceni
[2011/03/06 18:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/03/06 18:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\HP
[2011/03/06 18:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/03/31 17:23:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/03/31 17:11:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/03/31 14:46:18 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/31 14:45:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 14:45:14 | 1541,984,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/31 14:05:47 | 000,015,102 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/31 14:05:47 | 000,015,102 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/31 12:24:08 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Desktop\OTL.exe
[2011/03/30 12:07:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/03/29 00:52:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 21:27:43 | 000,215,334 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
[2011/03/28 19:43:48 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 16:38:28 | 001,862,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/28 15:48:46 | 000,471,824 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/28 15:48:46 | 000,082,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/28 00:00:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/27 20:40:21 | 000,012,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/03/23 11:11:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Ÿ9Ÿ9
[2011/03/10 17:35:01 | 000,004,870 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/10 17:35:01 | 000,004,870 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/06 18:56:37 | 000,165,413 | ---- | M] () -- C:\WINDOWS\hpoins29.dat
[2011/03/06 18:42:16 | 000,000,056 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/03/03 20:37:06 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2011/03/03 20:37:06 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2011/03/03 03:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/03/01 21:22:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\wklnhst.dat
 
========== Files Created - No Company Name ==========
 
[2011/03/30 12:07:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2011/03/28 21:27:44 | 000,015,102 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/28 21:27:44 | 000,015,102 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/28 21:27:43 | 000,215,334 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
[2011/03/28 11:19:30 | 000,829,781 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/28 00:00:15 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/27 20:56:03 | 000,012,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2011/03/10 17:32:01 | 000,004,870 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/10 17:32:01 | 000,004,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
[2011/03/06 18:46:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Ÿ9Ÿ9
[2011/03/01 21:22:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\wklnhst.dat
[2011/02/11 19:49:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/11 02:27:23 | 000,163,161 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011/01/11 02:27:23 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2011/01/11 02:21:32 | 000,165,413 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2011/01/11 02:21:32 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2010/12/29 09:35:45 | 000,033,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/27 20:35:42 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 07:43:06 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2010/10/02 06:51:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\tc7.exe
[2010/08/16 09:21:11 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\bawuho.dat
[2010/07/30 08:23:42 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\ranmiq.dat
[2010/07/29 19:49:16 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ranmiq.dat
[2010/05/31 20:50:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2010/05/25 22:04:29 | 000,001,460 | ---- | C] () -- C:\WINDOWS\XMailer.INI
[2010/05/12 17:30:32 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/29 16:21:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/12 09:53:03 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wjD74Y8.dat
[2010/04/08 18:36:09 | 000,001,060 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6e6301sD6p
[2010/04/06 10:30:23 | 000,001,514 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3Yfi
[2010/04/05 13:09:01 | 000,001,056 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1331231679
[2010/04/04 20:53:42 | 000,015,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\VHx0W
[2009/08/25 21:14:53 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/08/25 21:14:53 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/08/25 21:14:53 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/02/24 01:44:19 | 000,024,927 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2008/11/19 17:13:56 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/10/15 02:24:49 | 000,006,144 | ---- | C] () -- C:\WINDOWS\karna.dat
[2008/10/15 02:23:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\userconfig9x.dll
[2008/10/15 02:23:24 | 000,004,096 | ---- | C] () -- C:\WINDOWS\FVProtect.exe
[2008/10/15 02:23:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\iTunesMusic.exe
[2008/10/15 02:23:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\winsystem.exe
[2008/10/15 02:23:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\mssecu.exe
[2008/10/15 02:23:22 | 000,004,096 | ---- | C] () -- C:\WINDOWS\bdn.com
[2007/06/13 00:47:01 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2007/06/13 00:47:01 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2007/06/01 13:16:35 | 000,000,134 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/08/20 06:50:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2006/06/27 23:20:08 | 000,000,339 | ---- | C] () -- C:\WINDOWS\Proxyrama.INI
[2006/06/11 13:04:36 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI
[2006/04/28 10:59:57 | 000,000,166 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2006/03/11 18:01:36 | 000,004,257 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/03/04 13:47:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/26 15:57:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2005/11/16 15:55:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/11/16 15:55:28 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/11/10 13:18:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/10 12:39:31 | 000,068,900 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2005/11/10 12:39:29 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2005/11/09 23:30:54 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/08/09 01:07:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 00:39:44 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/08/09 00:38:40 | 000,012,993 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/09 00:38:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/09 00:36:10 | 000,000,172 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/09 00:32:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 00:26:19 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 00:26:19 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 00:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 00:26:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 00:26:19 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 00:26:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 00:19:06 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/09 00:14:28 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2005/08/09 00:11:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2005/08/09 00:11:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2005/08/09 00:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2005/08/09 00:11:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2005/08/09 00:11:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2005/08/09 00:10:39 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/08/09 00:10:13 | 000,094,574 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/08 23:59:10 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/08 23:54:55 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/06/24 20:29:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/24 19:43:44 | 000,471,824 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/24 19:43:44 | 000,082,342 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/24 19:42:06 | 001,862,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/24 19:31:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/06/24 19:30:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/09 20:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/05/03 11:44:44 | 000,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/03/03 16:16:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/04 09:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/15 19:38:02 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/08/23 13:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 13:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B61A2D1

< End of report >


  • 0
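The OTL listing above is what the helper reads by eye to build the deletion list in the next post: hidden+system files with no company name sitting in profile data folders, unsigned executables in the same places, and extension-less names that look machine-generated. The following is an added example, not part of the thread and not OTL's own code. It parses OTL's `[date | size | attrs | C/M] (Company) -- path` lines and applies those three heuristics; the sample lines are copied from the log above, the heuristics and thresholds are this example's own assumptions.

```python
"""Triage an OTL file listing the way a malware helper reads it by eye.

Added example (not from the thread or from OTL). Parses OTL's
"[date | size | attrs | C/M] (Company) -- path" lines and flags the
patterns acted on in this thread. The heuristics are assumptions of
this example, not OTL rules.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>.{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Profile data folders on XP (and their Vista+ names); assumed by this example.
PROFILE_DATA_RE = re.compile(r"\\(application data|programdata|appdata)\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".dll", ".com", ".scr", ".sys", ".pif")


@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str      # four flag positions: R (read-only), H (hidden), S (system), D (directory)
    kind: str       # C = created, M = modified
    company: str    # empty when OTL printed "()" or nothing at all (directories)
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str):
    """Return an Entry for an OTL file line, or None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def suspicious_reasons(e: Entry) -> list:
    """Heuristic reasons to look at a file; an empty list means nothing stood out."""
    reasons = []
    if e.is_dir:
        return reasons
    in_profile_data = bool(PROFILE_DATA_RE.search(e.path))
    unsigned = e.company == ""
    if in_profile_data and unsigned and "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system file in a profile data folder, no company name")
    if in_profile_data and unsigned and e.name.lower().endswith(EXEC_EXT):
        reasons.append("executable in a profile data folder, no company name")
    digits = sum(c.isdigit() for c in e.name)
    if in_profile_data and "." not in e.name and len(e.name) >= 8 and digits >= 3:
        reasons.append("extension-less name with many digits (looks machine-generated)")
    return reasons


def triage(log_text: str) -> dict:
    """Map each flagged path to its list of reasons; unparseable lines are skipped."""
    flagged = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Sample input: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/03/31 14:05:47 | 000,015,102 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/03/28 21:27:43 | 000,215,334 | -HS- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
[2011/03/06 18:56:37 | 000,165,413 | ---- | M] () -- C:\WINDOWS\hpoins29.dat
[2010/10/02 06:51:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\tc7.exe
[2011/03/27 15:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D96771C
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

The three flagged paths from the sample are exactly the ones that appear in the Avenger script in the next post (kit.exe, tc7.exe and the random-named hidden+system file); the Apple-signed DLL, the HP data file and the directory entry pass through. A company name in parentheses is only OTL's reading of the version resource, so its absence is a hint to look closer, not proof of anything.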

#12
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Let's try this:

Download The Avenger by Swandog46 from
http://swandog46.gee...r2/download.php
* Unzip/extract it to a folder on your desktop.
* Double click on avenger.exe to run The Avenger.
* Click OK.
* Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
* Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
Files to delete:
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c
C:\Documents and Settings\All Users\Application Data\wjD74Y8.dat
C:\Documents and Settings\All Users\Application Data\6e6301sD6p
C:\Documents and Settings\All Users\Application Data\3Yfi
C:\Documents and Settings\All Users\Application Data\1331231679
C:\Documents and Settings\All Users\Application Data\VHx0W
C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
C:\Documents and Settings\NetworkService\Application Data\bawuho.dat
C:\Documents and Settings\LocalService\Application Data\ranmiq.dat
C:\Documents and Settings\NetworkService\Application Data\ranmiq.dat

Files to replace with dummy:
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\tc7.exe
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll


******************************************************
* In the avenger window, click the Paste Script from Clipboard icon.
* Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
* Click the Execute button.
* You will be asked Are you sure you want to execute the current script?.
* Click Yes.
* You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
* Click Yes.
* Your PC will now be rebooted.
* Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
* If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
* After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt). I would like to see the log in your next post.
  • 0

#13
eightoheight

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I did it and I couldn't open any folders, files, programs, etc. Is this normal? It only booted one time and after that nothing else popped up or anything. But it seems the virus is gone. Not sure though. I only got on the computer by trying to open a random install.rtf file I found on my computer and selecting open with Firefox.

Here is the log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk" deleted successfully.
File "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v" deleted successfully.
File "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\5mki222i78xl77w88th73b677e4ufq5i11dixu5d43aks2c" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\wjD74Y8.dat" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\6e6301sD6p" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\3Yfi" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\1331231679" deleted successfully.
File "C:\Documents and Settings\All Users\Application Data\VHx0W" deleted successfully.
File "C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job" deleted successfully.
File "C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job" deleted successfully.
File "C:\Documents and Settings\NetworkService\Application Data\bawuho.dat" deleted successfully.
File "C:\Documents and Settings\LocalService\Application Data\ranmiq.dat" deleted successfully.
File "C:\Documents and Settings\NetworkService\Application Data\ranmiq.dat" deleted successfully.
File "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" replaced with dummy successfully.
File "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Application Data\tc7.exe" replaced with dummy successfully.
File "C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll" replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

Edited by eightoheight, 27 May 2011 - 12:23 AM.

  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box.

[Version]
Signature="$Chicago$"
Provider=Symantec

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

Open notepad (Start, Run, notepad, OK)

Edit, Paste or Ctrl + v and the text should appear. Make sure you have it all. File, Save As (to your desktop) "fix.inf" OK (Make sure you use quotation marks around the file name or it won't work.) Close notepad. Find fix.inf and right click on it and INSTALL.


Now try and run OTL. Use this script:


:OTL
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %* ()

and hit the RUN FIX button.


If you can't get that to work then reboot and, when you see the maker's logo, hear a beep or see it mention F8, start tapping the F8 key slowly. Keep tapping until you see the Safe Mode menu. Choose Safe Mode with Networking and then log in as Administrator. (No password on XP Home, so just hit Enter.)

Start, Run, regedit.exe, OK. Does the Registry Editor work?

Edit, Find: kit.exe
then edit each value it finds by double clicking on the label (probably will say: (default) ) then delete the part that says:
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a

so that you only have:
"%1" %*
Then OK. Search for the next one.

Ron
  • 0
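The fix.inf and the O35/O37 lines in this post show why nothing would open after The Avenger swapped kit.exe for a dummy: the per-user exefile open handler had been pointed at `kit.exe -a "%1" %*`, so every program launch went through that file, and an HKCU copy of a class key shadows the HKLM one. The following is an added example, not part of the thread, of OTL or of Symantec's script. It compares the handlers the fix.inf writes against what a registry holds and names the wrapper program in any mismatch; `audit()` is a pure function that runs anywhere on a dict of values, and `read_live_handlers()` uses Python's `winreg` module and only does anything on Windows. The sample dict is constructed from the values shown in this thread.

```python
"""Audit the file-class open handlers that the fix.inf above resets.

Added example (not from the thread, OTL or Symantec). The stock handler
values are the ones the fix.inf writes; anything else is reported together
with the program that wraps %1. An HKCU copy of a class key is reported
even when its value is stock, because the per-user key shadows HKLM.
"""
import re
import sys

# Stock handlers, exactly as the fix.inf in this post writes them.
EXPECTED = {
    r"batfile\shell\open\command": '"%1" %*',
    r"comfile\shell\open\command": '"%1" %*',
    r"exefile\shell\open\command": '"%1" %*',
    r"piffile\shell\open\command": '"%1" %*',
    r"regfile\shell\open\command": 'regedit.exe "%1"',
    r"scrfile\shell\open\command": '"%1" %*',
}

# Leading program of a non-stock handler, e.g. "C:\...\kit.exe" -a "%1" %*
WRAPPER_RE = re.compile(r'^\s*"?(?P<prog>[^"]+?\.(?:exe|com|bat|cmd|scr|dll))"?', re.IGNORECASE)


def wrapper_of(command: str):
    """Program that wraps %1 in a handler, or None when %1 itself comes first."""
    m = WRAPPER_RE.match(command)
    return m["prog"] if m else None


def audit(handlers: dict) -> list:
    """handlers: {(hive, subkey): default value}. Returns a list of finding dicts."""
    findings = []
    for (hive, subkey), value in handlers.items():
        expected = EXPECTED.get(subkey)
        if expected is None:
            continue
        if value.strip().lower() != expected.lower():
            findings.append({
                "hive": hive, "subkey": subkey, "value": value,
                "expected": expected, "wrapper": wrapper_of(value),
                "issue": "handler does not match the stock value",
            })
        elif hive == "HKCU":
            findings.append({
                "hive": hive, "subkey": subkey, "value": value,
                "expected": expected, "wrapper": None,
                "issue": "per-user class key shadows HKLM (stock value, but not normally present)",
            })
    return findings


def read_live_handlers() -> dict:
    """Collect the handlers from the live registry; {} when not on Windows."""
    if sys.platform != "win32":
        return {}
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    found = {}
    for hive_name, hive in hives.items():
        for subkey in EXPECTED:
            try:
                with winreg.OpenKey(hive, "Software\\Classes\\" + subkey) as key:
                    found[(hive_name, subkey)] = winreg.QueryValueEx(key, "")[0]
            except OSError:
                continue  # key or default value absent in this hive (normal for HKCU)
    return found


# Constructed sample: a clean HKLM plus the HKCU override shown in this thread.
SAMPLE = {
    ("HKLM", r"exefile\shell\open\command"): '"%1" %*',
    ("HKLM", r"regfile\shell\open\command"): 'regedit.exe "%1"',
    ("HKCU", r"exefile\shell\open\command"):
        r'"C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a "%1" %*',
}

if __name__ == "__main__":
    live = read_live_handlers()
    for f in audit(live or SAMPLE):
        print(f"{f['hive']}\\Software\\Classes\\{f['subkey']}: {f['issue']}")
        print(f"   value={f['value']!r} wrapper={f['wrapper']}")
```

Run on the sample it reports the single HKCU exefile entry with kit.exe as the wrapper, which is the value the regedit steps above have the user trim back to `"%1" %*`. On a live machine an empty report for HKCU is the normal state, since Windows creates the class keys under HKLM only.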

#15
eightoheight

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I did everything with no interruptions, amazingly.

But when I got to this part:

Start, Run, regedit.exe, OK. Does the Registry Editor work?

Edit, Find: kit.exe
then edit each value it finds by double clicking on the label (probably will say: (default) ) then delete the part that says:
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe" -a

so that you only have:
"%1" %*
Then OK. Search for the next one.


It wouldn't let me delete:

C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96.000\Local Settings\Application Data\kit.exe

From any of the files that were found. It was there but I could only highlight it, not delete it.
  • 0
