Infected by LIVE SECURITY PLATINUM



Post by Ubangy on Thu Jun 14, 2012 12:55 am

Had "Live Security Platinum" show up on my PC. Cleaned with MBAM 3 times. Computer is still hinky: desktop randomly resets icons, odd Google browser blocks and redirects. It's just not normal. Below are OTL and other logs as directed.

OTL logfile created on: 6/13/2012 8:06:56 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 84.86% Memory free
4.19 Gb Paging File | 3.98 Gb Available in Paging File | 94.97% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.61 Gb Total Space | 128.49 Gb Free Space | 47.48% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.56 Gb Free Space | 6.38% Space Free | Partition Type: FAT32
Drive K: | 3.74 Gb Total Space | 3.66 Gb Free Space | 98.02% Space Free | Partition Type: FAT32
Drive L: | 931.51 Gb Total Space | 572.96 Gb Free Space | 61.51% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 20:01:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/13 20:12:29 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/13 20:12:14 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:11:59 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/13 20:11:57 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/13 20:11:49 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/11/22 22:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- -- (cdrbsvsd)
DRV - [2012/06/13 19:14:31 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2011/10/28 19:35:28 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 00:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/10 00:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/10 00:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/03 23:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/03/08 13:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/10/24 20:16:10 | 000,036,224 | R--- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{3BADE6AE-E5E8-4062-AF6D-89C138198042}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{40019132-FE72-402E-8DD6-D198DD28521F}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{4B505490-8462-4B07-A585-F0EEBDFF7AFF}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{5B7CFAAA-3FC2-4C58-883B-6C1D4AFDC8B3}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



O1 HOSTS File: ([2011/04/17 21:46:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [lpimsc] C:\Documents and Settings\HP_Administrator\Application Data\lpimsc.dll (Analog Devices, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: liquiddigitalmedia.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: walmart.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} [You must be registered and logged in to see this link.] (Symantec Download Manager)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [You must be registered and logged in to see this link.] (GMNRev Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} [You must be registered and logged in to see this link.] (SonicActivator Class)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} [You must be registered and logged in to see this link.] (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB6FB055-8E8A-48F8-BBD5-24FD5DF6B777}: DhcpNameServer = 192.168.3.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/20 21:42:00 | 000,000,200 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DMAScheduler - hkey= - key= - c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA851-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 20:05:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/06/13 20:01:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2012/06/13 19:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/13 19:33:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/13 19:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/13 18:58:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/13 08:35:34 | 000,344,576 | ---- | C] (Analog Devices, Inc.) -- C:\Documents and Settings\HP_Administrator\Application Data\lpimsc.dll
[2012/06/13 01:38:26 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/12 22:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2012/06/12 22:49:42 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2012/06/12 07:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/06/12 07:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/06/12 01:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Secunia PSI
[2012/06/11 22:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/11 22:27:47 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\mseinstall.exe
[2012/06/11 21:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/06/11 21:02:11 | 004,542,341 | ---- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/06/11 20:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/11 20:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\HiJackThis
[2012/06/11 17:42:57 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2012/06/11 12:52:57 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\Desktop\FixExec.exe
[2012/06/11 12:44:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/06/11 12:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/06/11 10:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/11 10:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Wadi
[2012/06/11 10:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Ikuqv
[2012/06/11 10:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Dycim

========== Files - Modified Within 30 Days ==========

[2012/06/13 20:06:12 | 000,853,862 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2012/06/13 20:05:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/06/13 20:01:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.com
[2012/06/13 19:58:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/13 19:40:14 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/13 19:33:36 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:33:36 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:30:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/13 19:20:11 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\48230029.sys
[2012/06/13 19:14:31 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/13 18:58:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/13 17:56:44 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2012/06/13 10:54:49 | 000,486,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 10:54:49 | 000,081,502 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 10:46:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 08:35:38 | 000,344,576 | ---- | M] (Analog Devices, Inc.) -- C:\Documents and Settings\HP_Administrator\Application Data\lpimsc.dll
[2012/06/12 22:53:42 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2012/06/12 22:49:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2012/06/12 00:53:00 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe
[2012/06/11 23:09:24 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/06/11 22:29:07 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/11 22:28:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/11 22:27:47 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\mseinstall.exe
[2012/06/11 21:02:11 | 004,542,341 | ---- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/06/11 20:34:33 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/11 20:16:32 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.msi
[2012/06/11 17:42:57 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2012/06/11 16:36:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/11 12:53:35 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\Desktop\FixExec.exe
[2012/06/02 20:45:09 | 001,525,210 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Work Period 2002.jpg
[2012/06/02 20:43:36 | 001,960,646 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Work Period 2001.jpg
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/28 20:46:46 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/25 23:53:40 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/05/16 11:08:26 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

========== Files Created - No Company Name ==========

[2012/06/13 20:05:57 | 000,853,862 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2012/06/13 19:33:36 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:33:36 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:20:11 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\48230029.sys
[2012/06/13 19:14:31 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/06/12 22:53:40 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2012/06/12 01:02:55 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Secunia PSI.lnk
[2012/06/12 00:52:39 | 001,012,656 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe
[2012/06/11 22:38:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/06/11 22:28:56 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/11 20:18:14 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.lnk
[2012/06/11 20:16:18 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.msi
[2012/06/02 20:45:07 | 001,525,210 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Work Period 2002.jpg
[2012/06/02 20:43:35 | 001,960,646 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Work Period 2001.jpg
[2012/05/25 01:09:15 | 000,239,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/15 17:46:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/01 23:45:53 | 002,000,046 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4266209018-760024616-2802856647-1007-0.dat
[2012/01/01 23:45:52 | 000,362,570 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/01 18:26:11 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/03 19:44:11 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/08/03 20:49:56 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2011/08/03 20:49:55 | 000,030,080 | ---- | C] () -- C:\WINDOWS\System32\Ptabimp3.exe
[2011/06/02 18:36:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/31 18:03:51 | 000,110,604 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/02 00:46:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/01/02 00:13:17 | 000,000,045 | ---- | C] () -- C:\WINDOWS\ENX420.ini
[2010/12/31 09:36:59 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010/12/02 18:13:47 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/02 18:13:47 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/08/24 21:22:48 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >
[2010/07/08 21:05:53 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/06/13 20:05:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/06/11 21:02:11 | 004,542,341 | ---- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2012/06/11 12:53:35 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\HP_Administrator\Desktop\FixExec.exe
[2012/06/13 18:58:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/11 22:27:47 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\mseinstall.exe
[2012/06/12 00:53:00 | 001,012,656 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.exe
[2012/06/13 20:06:12 | 000,853,862 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2012/06/11 17:42:57 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/04/16 18:47:12 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2008/11/07 00:24:14 | 087,058,120 | ---- | M] (Hewlett-Packard Development Company, L.P. ) -- C:\Documents and Settings\HP_Administrator\My Documents\sp34919.exe

< %USERPROFILE%\*.exe >
[2008/02/11 23:39:38 | 000,389,120 | ---- | M] (Citrix Online) -- C:\Documents and Settings\HP_Administrator\GoToAssist_phone__268_en.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/06/12 07:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/03/06 17:15:30 | 000,000,000 | ---D | M] -- C:\Program Files\AIM FightList
[2009/08/02 20:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\AIM Toolbar
[2009/08/02 20:50:32 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2009/12/25 18:46:46 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2012/01/03 17:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/03/09 15:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2011/04/17 23:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\Autoruns
[2012/02/26 21:22:34 | 000,000,000 | ---D | M] -- C:\Program Files\Axis Communications
[2011/04/19 18:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\BillP Studios
[2012/01/03 18:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/08/03 20:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Broderbund
[2007/03/15 17:13:23 | 000,000,000 | ---D | M] -- C:\Program Files\Buddy Icon Maker
[2012/06/11 20:34:30 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/05/07 21:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/11/11 18:56:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/10/06 18:59:52 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2007/11/07 20:19:27 | 000,000,000 | ---D | M] -- C:\Program Files\DISC
[2009/07/13 18:20:08 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2006/10/06 19:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2006/10/06 18:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\EnglishOtto
[2007/10/24 22:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2011/01/02 00:14:44 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2011/01/02 00:16:24 | 000,000,000 | ---D | M] -- C:\Program Files\EpsonNet
[2011/04/18 09:41:29 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/04/19 20:10:56 | 000,000,000 | ---D | M] -- C:\Program Files\Essentials Codec Pack
[2010/08/24 21:22:48 | 000,000,000 | ---D | M] -- C:\Program Files\FirstClass
[2012/05/11 22:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Free M4a to MP3 Converter
[2006/10/06 18:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\GemMaster
[2011/05/15 20:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/01/26 21:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
[2006/10/06 19:30:30 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/01/18 09:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2006/10/06 19:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\HP DigitalMedia Archive
[2011/01/02 00:16:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/06/13 10:46:18 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012/04/07 14:09:07 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2007/01/14 00:31:29 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2006
[2012/04/07 14:10:23 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/04/18 08:14:20 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/08/28 09:54:19 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2007/03/06 16:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\LWAway
[2008/11/12 00:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\Macrovision Corporation
[2012/06/13 19:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/11/08 20:31:31 | 000,000,000 | ---D | M] -- C:\Program Files\Memorex exPressit Label Design Studio
[2011/04/19 19:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/11/11 09:29:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2005/11/14 21:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/07/09 14:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/06/11 22:28:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
[2012/05/14 15:28:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2006/12/03 01:13:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/01/01 18:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/04/20 15:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/01/30 18:17:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/07 18:38:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2005/11/14 21:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/10/06 19:16:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Standard
[2005/11/14 21:07:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/12/09 00:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/01/30 18:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2006/10/06 19:20:13 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2011/04/19 19:10:34 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/10/06 19:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2009/11/10 18:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2006/10/06 19:32:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/04/20 15:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/10/28 22:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\OverDrive Media Console
[2007/08/03 17:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor 5 for Windows
[2006/10/06 19:28:46 | 000,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for DOS
[2010/08/10 18:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2012/01/03 18:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/01/30 18:17:21 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/02/07 17:41:32 | 000,000,000 | ---D | M] -- C:\Program Files\RehearScore 2.0
[2008/05/21 21:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Rhapsody
[2008/11/11 11:34:22 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2006/12/25 23:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\SanDisk
[2012/06/11 21:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Secunia
[2008/11/07 01:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/01/16 20:58:13 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2007/12/16 15:11:46 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2008/03/05 22:29:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/10 18:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/01/13 22:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\The Learning Company
[2012/06/11 20:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2012/01/01 18:24:47 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2005/11/11 18:56:28 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2006/10/06 19:24:38 | 000,000,000 | ---D | M] -- C:\Program Files\Updates from HP
[2007/02/24 17:19:07 | 000,000,000 | ---D | M] -- C:\Program Files\Verizon
[2011/04/18 07:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/11/11 11:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Wal-Mart Music Downloads Store
[2009/11/08 10:04:06 | 000,000,000 | ---D | M] -- C:\Program Files\Walmart MP3 Music Downloads
[2011/08/03 20:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2011/04/19 20:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/03/23 18:30:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/06/29 17:57:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/04/19 19:10:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/11/14 21:08:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Plus
[2005/11/11 18:56:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2005/11/14 21:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/12/19 22:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< MD5 for: AGP440.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/03 19:23:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/03 19:23:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/03 19:23:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/03 19:23:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/10 07:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/03 19:23:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/09 17:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2008/09/03 19:23:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/10 00:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/10 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/10 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-13 14:55:19

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 07:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\jon birthday card 2007.BMP:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\George.dmss:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\Blue Hair June 2005.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\Desktop\CTB 1062.jpg:Roxio EMC Stream

< End of report >

Ubangy
Novice

Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0



Part 2 rest of logs

Post by Ubangy on Thu Jun 14, 2012 12:56 am


OTL Extras logfile created on: 6/13/2012 8:06:56 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 84.86% Memory free
4.19 Gb Paging File | 3.98 Gb Available in Paging File | 94.97% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 270.61 Gb Total Space | 128.49 Gb Free Space | 47.48% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.56 Gb Free Space | 6.38% Space Free | Partition Type: FAT32
Drive K: | 3.74 Gb Total Space | 3.66 Gb Free Space | 98.02% Space Free | Partition Type: FAT32
Drive L: | 931.51 Gb Total Space | 572.96 Gb Free Space | 61.51% Space Free | Partition Type: NTFS

Computer Name: LIVINGROOM | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{113AC946-0CEB-49C7-828A-230FF9EB1DBB}" = TurboTax 2010 wmdiper
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B15D991-5619-4BC1-B71E-3DE793B792FC}" = ArcSoft MediaConverter 2
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29DBCB14-49ED-4906-A440-CBC27B761051}" = Roxio MyDVD 9 Studio
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41CA14B6-3D43-4A24-9F7F-8A2A281D0A14}" = D1300
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software
"{787F2DC2-1699-44FA-A72F-9107166AF9CC}" = Roxio Content 9
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FE0940-4835-4286-AAB2-CE699E4C4BFC}" = OverDrive Media Console
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9743AF47-B746-4324-B4C4-512E67D04370}" = Symantec Technical Support Web Controls
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A12F80CD-7C1E-4E75-8E89-2C717F77700B}" = LenannizUsr
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9B1AED3-40FB-47CC-B880-ED9A2C9FE658}" = D1300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6D442EC-14C6-4E5B-8378-305BAE7EDBBF}" = TurboTax 2011 wmdiper
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}" = ImageMixer VCD2
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.14
"AwayMode160" = Microsoft Away Mode
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"DISCover" = DISCover
"DrawPlus 3.0" = DrawPlus 3.0
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mavis Beacon Teaches Typing 16" = Mavis Beacon Teaches Typing 16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = Memorex exPressit Label Design Studio
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"The Print Shop 10.0" = The Print Shop
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/12/2012 5:10:52 PM | Computer Name = LIVINGROOM | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
On Mode: Append Type: Inc Consult the backup report for more details.

Error - 6/12/2012 5:10:58 PM | Computer Name = LIVINGROOM | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 6/12/2012 6:46:12 PM | Computer Name = LIVINGROOM | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
On Mode: Append Type: Inc Consult the backup report for more details.

Error - 6/12/2012 11:28:59 PM | Computer Name = LIVINGROOM | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15641, faulting module
gmer.exe, version 1.0.15.15641, fault address 0x0000c676.

Error - 6/13/2012 8:34:05 AM | Computer Name = LIVINGROOM | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 6/13/2012 12:35:00 PM | Computer Name = LIVINGROOM | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 6/13/2012 12:36:20 PM | Computer Name = LIVINGROOM | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 6/13/2012 5:54:02 PM | Computer Name = LIVINGROOM | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 6/13/2012 7:09:12 PM | Computer Name = LIVINGROOM | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 6/13/2012 7:30:18 PM | Computer Name = LIVINGROOM | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

[ System Events ]
Error - 6/12/2012 11:31:28 PM | Computer Name = LIVINGROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 6/13/2012 12:07:15 AM | Computer Name = LIVINGROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 6/13/2012 12:07:17 AM | Computer Name = LIVINGROOM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 6/13/2012 5:54:27 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/13/2012 6:02:11 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/13/2012 6:43:47 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 6/13/2012 7:03:24 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/13/2012 7:03:26 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/13/2012 7:07:43 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/13/2012 7:30:46 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-13 20:17:01
-----------------------------
20:17:01.531 OS Version: Windows 5.1.2600 Service Pack 3
20:17:01.531 Number of processors: 2 586 0x2B01
20:17:01.546 ComputerName: LIVINGROOM UserName:
20:17:02.671 Initialize success
20:32:47.656 AVAST engine defs: 12061301
20:33:34.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
20:33:34.390 Disk 0 Vendor: SAMSUNG_HD300LJ ZT100-12 Size: 286168MB BusType: 3
20:33:34.421 Disk 0 MBR read successfully
20:33:34.421 Disk 0 MBR scan
20:33:34.468 Disk 0 unknown MBR code
20:33:34.468 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 277105 MB offset 63
20:33:34.515 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 567528255
20:33:34.531 Disk 0 scanning sectors +586067265
20:33:34.593 Disk 0 scanning C:\WINDOWS\system32\drivers
20:33:43.531 Service scanning
20:34:03.593 Modules scanning
20:34:07.437 Disk 0 trace - called modules:
20:34:07.484 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:34:07.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af3c9c0]
20:34:07.593 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000067[0x8af41910]
20:34:07.687 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ae7b940]
20:34:08.812 AVAST engine scan C:\WINDOWS
20:34:21.796 AVAST engine scan C:\WINDOWS\system32
20:38:17.546 AVAST engine scan C:\WINDOWS\system32\drivers
20:38:44.437 AVAST engine scan C:\Documents and Settings\HP_Administrator
20:42:52.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
20:42:52.265 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 24
Java version out of date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````



Ubangy
Novice
Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0
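A way to triage the OTL Extras.txt log posted above without reading every line by hand. This is an added example for this thread, not OTL's own code and not from any poster. It parses the log text format as shown (the Shell Spawning verbs, the Security Center keys and the Last 10 Event Log Errors block), compares the shell verbs against the Windows XP defaults, flags the Security Center monitoring switch for review, and classifies the DCOM 10005 / error 1084 events, which are the expected result of running the scan in Safe Mode with Networking rather than a sign of infection. The two excerpts inside the script are constructed: the clean one mirrors lines from the log above, the hijacked one uses a made-up EXAMPLE_ROGUE.exe path to show what a rewritten exefile verb looks like.

```python
"""Triage an OTL Extras.txt excerpt.  Added example for this thread: it is not
OTL's code and not part of any post.  Both excerpts at the bottom are
constructed (the clean one mirrors lines from the log above)."""
import re

# Windows XP defaults for the verbs OTL lists under "Shell Spawning".  A rogue
# AV commonly rewrites exefile\shell\open\command so every .exe launch is
# routed through its own binary first; that is the deviation to look for.
XP_SHELL_DEFAULTS = {
    "batfile [open]": '"%1" %*', "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*', "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*', "scrfile [open]": '"%1" /S',
    "scrfile [config]": '"%1"',
}
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
SHELL_RE = re.compile(r"^(\w+ \[\w+\]) -- (.*)$")
EVENT_RE = re.compile(r"^Error - .*\| Source = (.+?) \| ID = (\d+)$")


def parse_sections(text):
    """{section name: [non-blank lines]}; text before the first banner is 'Header'."""
    sections, current = {"Header": []}, "Header"
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections


def parse_events(lines):
    """Fold an 'Error - ... | Source = X | ID = N' line and its wrapped
    'Description = ...' continuation lines into one record."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            events.append({"source": m.group(1), "id": int(m.group(2)), "text": ""})
        elif events:
            events[-1]["text"] += line + " "
    return events


def triage(text):
    """Ordered, de-duplicated (severity, message) findings for one log."""
    s = parse_sections(text)
    safe_mode = any(l.startswith("Boot Mode: SafeMode") for l in s["Header"])
    findings = []
    for line in s.get("Shell Spawning", []):
        m = SHELL_RE.match(line)
        if not m:
            continue
        verb, cmd = m.groups()
        if cmd.startswith("Reg Error"):
            findings.append(("info", f"{verb}: key missing or unreadable, confirm by hand"))
        elif verb in XP_SHELL_DEFAULTS and cmd != XP_SHELL_DEFAULTS[verb]:
            findings.append(("high", f"{verb} is not the XP default: {cmd}"))
    # Monitoring\DisableMonitoring = 1 silences Security Center alerts.  Real AV
    # suites set it; so does malware that wants a missing AV to go unnoticed.
    sc = s.get("Security Center Settings", [])
    for key, value in zip(sc, sc[1:]):
        if key.endswith("Security Center\\Monitoring]") and \
                value.replace(" ", "") == '"DisableMonitoring"=1':
            findings.append(("review", "Security Center monitoring disabled globally"))
    for ev in parse_events(s.get("Last 10 Event Log Errors", [])):
        if ev["source"] == "WinMgmt" and ev["id"] == 28:
            findings.append(("medium", "WMI core failed to start; AV/firewall status is unreliable"))
        # Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE: the service may not
        # start in Safe Mode, so after a Safe Mode boot the event is noise.
        elif ev["source"] == "DCOM" and ev["id"] == 10005 and "%1084" in ev["text"]:
            findings.append(("expected" if safe_mode else "review",
                             f"DCOM 10005 error 1084 starting a service (Safe Mode boot: {safe_mode})"))
    return list(dict.fromkeys(findings))


# Constructed excerpt mirroring lines from the log above (shell verbs clean).
CLEAN_EXCERPT = r"""Boot Mode: SafeMode with Networking | Scan Mode: Current user
========== Shell Spawning ==========
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
========== Last 10 Event Log Errors ==========
Error - 6/13/2012 8:34:05 AM | Computer Name = LIVINGROOM | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts.
Error - 6/13/2012 6:02:11 PM | Computer Name = LIVINGROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
"""
# Hypothetical hijack (constructed, not from the thread): an interposed binary
# with a made-up name runs before every .exe, the classic rogue-AV lock-out.
HIJACKED_EXCERPT = CLEAN_EXCERPT.replace(
    'exefile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Documents and Settings\All Users\Application Data\EXAMPLE_ROGUE.exe" "%1" %*')
```

Run triage() over the whole Extras.txt and read the "high" lines first; on the log above the shell verbs are still the XP defaults, so the interesting items are the WMI failures (which also explain why the Security Check output further down says the Security Center service is not running) and the globally disabled Security Center monitoring, which needs a human decision.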

Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Thu Jun 14, 2012 1:27 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
We need to fix the [You must be registered and logged in to see this link.] using aswMBR now.


  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
****************************************************
Re-run MBAM:

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
  • Double-click the icon on your desktop to run the installer.
  • When asked to Update the program definitions, click Yes
  • If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
  • Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
  • Click the Scanning Control tab.
  • Under Scanner Options make sure only the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining
    Please leave the others unchecked
  • Click the Close button to leave the control center screen.
  • On the main screen click Scan your computer
  • On the left check the box for the drive you are scanning.
  • On the right choose Perform Complete Scan
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK
  • Make sure everything in the white box has a check next to it, then click Next
  • It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
  • Save the log somewhere you can easily find it. (normally the desktop)
  • Click close and close again to exit the program.
  • Copy and Paste the log in your post.

Superdave
Captain
Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83181
# Likes : 0
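Added example, not part of the thread and not aswMBR's code: reading the MBR.dat that aswMBR saves to the Desktop before and after FixMBR. It parses the standard 512-byte MBR (440 bytes of boot code, 4-byte disk signature, two reserved bytes, four 16-byte partition entries, 0x55AA), lists the partition entries, works out the first sector past the last partition (the "+N" in the log's "scanning sectors +N" line, which is where a bootkit would hide its payload) and reports whether a FixMBR changed only the boot code and left the partition table and disk signature alone. The two sectors in the script are constructed to match the partition layout the log reports; their boot code is placeholder text, not real loader code.

```python
"""Read the MBR.dat that aswMBR saves.  Added example for this thread: not
aswMBR's code and not part of any post.  Layout is the standard 512-byte MBR:
440 bytes boot code, 4-byte disk signature, 2 reserved bytes, 4 x 16-byte
partition entries, 0x55AA.  The sample sectors are constructed to mirror the
partition layout the log reports; their boot-code bytes are placeholders."""
import hashlib
import struct
from typing import NamedTuple

SECTOR = 512


class Partition(NamedTuple):
    index: int
    active: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def mb(self):
        return self.sectors * SECTOR // (1024 * 1024)

    @property
    def end(self):  # first LBA after the partition
        return self.lba_start + self.sectors


def parse_mbr(sector):
    """Boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        start, count = struct.unpack_from("<II", sector, off + 8)
        if sector[off + 4]:  # type 0x00 means the slot is unused
            parts.append(Partition(i + 1, sector[off] == 0x80, sector[off + 4], start, count))
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": parts,
        # the sector aswMBR reports as "scanning sectors +N": the first one
        # after the last partition, where bootkits like to park their payload
        "scan_from": max((p.end for p in parts), default=0),
    }


def layout_problems(parts, disk_sectors):
    """Entries that overlap each other or run past the end of the disk."""
    problems = []
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.end > b.lba_start:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    for p in ordered:
        if p.end > disk_sectors:
            problems.append(f"partition {p.index} ends past the disk ({p.end} > {disk_sectors})")
    return problems


def compare(before, after):
    """What changed between two captures, e.g. before and after FixMBR: the
    boot code should change, the table and the disk signature should not."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_changed": a["partitions"] != b["partitions"],
        "disk_signature_changed": a["disk_signature"] != b["disk_signature"],
    }


def build_sample(boot_code, entries, disk_signature=0x12345678):
    """Constructed sector; entries are (active, type_id, lba_start, sectors)."""
    sec = bytearray(SECTOR)
    code = boot_code[:440]
    sec[:len(code)] = code
    struct.pack_into("<I", sec, 440, disk_signature)
    for i, (active, type_id, start, count) in enumerate(entries):
        off = 446 + 16 * i
        sec[off], sec[off + 4] = (0x80 if active else 0x00), type_id
        struct.pack_into("<II", sec, off + 8, start, count)
    sec[510:512] = b"\x55\xaa"
    return bytes(sec)


# Layout mirroring the aswMBR log: NTFS at LBA 63 (277105 MB) and the FAT32 LBA
# recovery partition at LBA 567528255 (9052 MB) on a 286168 MB disk.  Sizes in sectors.
DISK_SECTORS = 286168 * 2048
LAYOUT = [(True, 0x07, 63, 277105 * 2048), (False, 0x0C, 567528255, 18539010)]
BEFORE_FIX = build_sample(b"PLACEHOLDER-UNKNOWN-CODE", LAYOUT)   # constructed
AFTER_FIX = build_sample(b"PLACEHOLDER-STANDARD-CODE", LAYOUT)   # constructed
```

Keep the MBR.dat from the first aswMBR run, run compare() against the one saved after FixMBR, and only reboot if partition_table_changed and disk_signature_changed are both False; a changed table means the fix touched more than the boot code and the disk should be looked at before Windows tries to boot from it. The few thousand sectors between scan_from and the end of the disk are unallocated on a normal layout, which is exactly why aswMBR scans them.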

Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Thu Jun 14, 2012 1:45 am

Thank you SuperDave for the fast response. I am on those tasks now. Will reply as soon as they are completed.

Chris

Ubangy
Novice
Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0

Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Fri Jun 15, 2012 12:33 am

SuperDave,
I realized that I did not wait for aswMBR to run to completion the first time.
So I scanned again like you said and let it complete (oh so long) and then hit fixMBR. Ran MBAM, and Super Antivirus as directed. Attached are the logs.

I hope I did this right.

Thank you,

Chris
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-13 22:24:07
-----------------------------
22:24:07.921 OS Version: Windows 5.1.2600 Service Pack 3
22:24:07.921 Number of processors: 2 586 0x2B01
22:24:07.921 ComputerName: LIVINGROOM UserName:
22:24:09.296 Initialize success
22:24:18.062 AVAST engine defs: 12061301
22:24:30.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:24:30.218 Disk 0 Vendor: SAMSUNG_HD300LJ ZT100-12 Size: 286168MB BusType: 3
22:24:30.265 Disk 0 MBR read successfully
22:24:30.265 Disk 0 MBR scan
22:24:30.281 Disk 0 unknown MBR code
22:24:30.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 277105 MB offset 63
22:24:30.359 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9052 MB offset 567528255
22:24:31.718 Disk 0 scanning sectors +586067265
22:24:31.828 Disk 0 scanning C:\WINDOWS\system32\drivers
22:24:59.765 Service scanning
22:25:08.562 Service MpKsl031a71fb C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9B4F3D4-EE12-488B-ABE1-6B98A864FA45}\MpKsl031a71fb.sys **LOCKED** 32
22:25:19.093 Modules scanning
22:25:41.531 Disk 0 trace - called modules:
22:25:42.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:25:42.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b012ab8]
22:25:42.062 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000069[0x8b0c0f18]
22:25:42.062 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b014940]
22:25:43.312 AVAST engine scan C:\WINDOWS
22:26:50.625 AVAST engine scan C:\WINDOWS\system32
22:35:59.062 AVAST engine scan C:\WINDOWS\system32\drivers
22:37:24.750 AVAST engine scan C:\Documents and Settings\HP_Administrator
00:08:12.921 AVAST engine scan C:\Documents and Settings\All Users
00:13:54.750 Scan finished successfully
00:59:24.112 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
00:59:24.127 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"
00:59:29.330 Verifying
00:59:39.346 Disk 0 Windows 501 MBR fixed successfully
00:59:55.799 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
00:59:55.799 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR2.txt"

Malwarebytes Anti-Malware 1.61.0.1400
[You must be registered and logged in to see this link.]

Database version: v2012.06.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: LIVINGROOM [administrator]

6/14/2012 1:06:51 AM
mbam-log-2012-06-14 (01-06-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294445
Time elapsed: 8 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


SUPERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 06/14/2012 at 08:19 PM

Application Version : 5.1.1002

Core Rules Database Version : 8737
Trace Rules Database Version: 6549

Scan type : Complete Scan
Total Scan Time : 02:42:40

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 511
Memory threats detected : 0
Registry items scanned : 35901
Registry threats detected : 0
File items scanned : 153170
File threats detected : 154

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\PA99P9LR.txt [ /apmebf.com ]
C:\Documents and Settings\HP_Administrator\Cookies\40O1CV0P.txt [ /interclick.com ]
C:\Documents and Settings\HP_Administrator\Cookies\NFMH95BD.txt [ /adserver.adtechus.com ]
C:\Documents and Settings\HP_Administrator\Cookies\P1W0UMIX.txt [ /media6degrees.com ]

Ubangy
Novice

Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0

Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Fri Jun 15, 2012 1:14 am

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document called checkup.txt should open automatically.
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
******************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application from interfering with ComboFix, we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double-click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83181
# Likes : 0

Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Fri Jun 15, 2012 2:21 am

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java(TM) 6 Update 24
Java version out of date!
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````


ComboFix 12-06-11.04 - HP_Administrator 06/14/2012 21:36:24.3.2 - x86
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HP_Administrator\Application Data\Dycim
c:\documents and settings\HP_Administrator\Application Data\Dycim\xyqya.oli
c:\documents and settings\HP_Administrator\Application Data\lpimsc.dll
c:\documents and settings\HP_Administrator\Application Data\Microsoft\Windows\UsrClass.dat
c:\documents and settings\HP_Administrator\Start Menu\Internet Explorer.lnk
c:\documents and settings\HP_Administrator\WINDOWS
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-14 21:37 . 2012-06-14 21:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-06-14 21:33 . 2012-06-14 21:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-06-14 21:32 . 2012-06-14 21:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2012-06-14 21:32 . 2012-06-14 21:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-14 21:32 . 2012-06-14 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-14 21:23 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2F151490-CCC2-4AE3-A991-9E9962926274}\mpengine.dll
2012-06-14 05:03 . 2012-06-14 05:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-13 23:33 . 2012-06-13 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 23:33 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 23:20 . 2012-06-13 23:20 32072 ----a-w- c:\windows\system32\drivers\48230029.sys
2012-06-13 23:14 . 2012-06-13 23:14 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-13 12:45 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 05:38 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 11:16 . 2012-06-12 11:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-06-12 05:03 . 2012-06-12 05:03 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Secunia PSI
2012-06-12 02:28 . 2012-06-12 02:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-12 01:16 . 2012-06-12 01:16 -------- d-----w- c:\program files\Secunia
2012-06-12 00:18 . 2012-06-12 00:18 -------- d-----w- c:\program files\Trend Micro
2012-06-11 14:40 . 2012-06-12 01:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Ikuqv
2012-06-11 14:40 . 2012-06-12 01:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Wadi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 00:18 . 2012-06-12 00:18 388096 ------r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-12-16 23:37 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-10 04:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-10 04:00 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-12-16 23:37 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-12-16 23:37 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-12-16 23:37 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-10-6 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-6 27136]
.
c:\documents and settings\Catherine\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-6 27136]
.
c:\documents and settings\Jon\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-6 27136]
.
c:\documents and settings\Jon Leonard\Start Menu\Programs\Startup\
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-10-6 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 16:05 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-12-01 20:47 228088 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/28/2009 10:12 AM 64512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [10/14/2011 2:01 AM 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [10/14/2011 2:01 AM 399416]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/28/2008 9:35 PM 36224]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/10/2004 14336]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/28/2011 7:35 PM 2152152]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/13/2012 7:14 PM 32072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/14/2012 1:03 AM 40776]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/10/2004 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 20:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-06-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: liquiddigitalmedia.com
Trusted Zone: microsoft.com
Trusted Zone: turbotax.com
Trusted Zone: walmart.com
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.3.1
DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} - [You must be registered and logged in to see this link.]
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-lpimsc - c:\documents and settings\HP_Administrator\Application Data\lpimsc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-06-14 21:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-06-14 21:58:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 01:57
.
Pre-Run: 134,220,201,984 bytes free
Post-Run: 134,459,514,880 bytes free
.
- - End Of File - - 62BA2F27DB2E6F9E5EF6CD955E3A050E


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Fri Jun 15, 2012 7:31 pm

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date, install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*****************************************************
Re-running ComboFix to remove infections:

* Close any open browsers.
* Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
* Open Notepad and copy/paste the text in the quotebox below into it:

KillAll::

Firefox::
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: liquiddigitalmedia.com
Trusted Zone: microsoft.com
Trusted Zone: turbotax.com
Trusted Zone: walmart.com
Trusted Zone: trymedia.com

[*]Save this as CFScript.txt, in the same location as ComboFix.exe



[*]Referring to the picture above, drag CFScript into ComboFix.exe
[*]When finished, it shall produce a log for you at C:\ComboFix.txt
[*]I don't need to see the log from this script.
****************************************************
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.
[list]
[*]Double click Sysprot.exe to start the program.
[*]Click on the Log tab.
[*]In the Write to log box select the following items.
[list]
[*] Process [color=red]


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Sat Jun 16, 2012 12:46 am

MAYDAY! The PC won't access the internet after rebooting. After my last post at 10:21 pm I went to bed. When my daughter started the PC today it would not log on to the internet. All the WiFi is working. The PC is plugged into the router and all that seems normal.

The computer will not connect to the internet now. I'm on our laptop. Verizon says it's in the PC and all my settings are correct.

The PC seems to be operating otherwise the same, just won't connect. I would appreciate some guidance.

Chris


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Sat Jun 16, 2012 1:33 am

First of all, try to reset your router. Disconnect the power supply for more than 30 seconds.
If you can't connect, you will have to download these tools on another computer and transfer them to this computer using the method I outlined earlier.


Please download [You must be registered and logged in to see this link.] to Desktop and run it.



Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.
************************************************************
Please download [You must be registered and logged in to see this link.] and run it on the computer with the issue.

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Sat Jun 16, 2012 1:54 am

Router reset seemed to work... dang, I should know that by now...
Anyway, reran ComboFix, which found an infected file and repaired it; preparing to download and run the SysProt thing. I assume you want to see the log from that one? Your post was not clear on that at the end.

Thanks for reconnecting me and now on to the show...

Chris


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Sat Jun 16, 2012 2:13 am

LOG FROM SYSPROT
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 648
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 696
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 708
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 924
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Client\MsMpEng.exe
PID: 992
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1028
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1068
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1132
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 1400
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1620
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PID: 1656
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SASCore.exe
PID: 1808
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PID: 1820
Hidden: No
Window Visible: No

Name: C:\WINDOWS\arservice.exe
PID: 1836
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1924
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 2040
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 264
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PID: 408
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PID: 488
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 580
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\HPZipm12.exe
PID: 144
Hidden: No
Window Visible: No

Name: C:\Program Files\Secunia\PSI\psia.exe
PID: 2056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2352
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2408
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 2484
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.EXE
PID: 3700
Hidden: No
Window Visible: No

Name: C:\Program Files\Secunia\PSI\sua.exe
PID: 3776
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3800
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Security Client\msseces.exe
PID: 3812
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 1880
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2036
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 1540
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\HP_Administrator\Desktop\SysProt\SysProt\SysProt.exe
PID: 2212
Hidden: No
Window Visible: Yes


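The SysProt listing above is what a helper reads by eye: every record says Hidden: No, and the only image outside C:\WINDOWS or C:\Program Files is the tool itself on the Desktop. The Python below is an added example for this thread, not SysProt's code or anything posted by either participant. It parses the Name/PID/Hidden/Window Visible records the tool prints and flags the two things worth flagging: entries the tool marks as hidden (the rootkit symptom SysProt exists to expose) and executables running from outside the directories where installed software normally lives, which is the kind of location the ESET finding later in the thread (a DLL under Application Data) sits in. The sample listing, including the hidden updater.exe under Application Data, is constructed for the example; the trusted-root list assumes a default 32-bit XP layout.

```python
"""Triage of a SysProt AntiRootkit process listing (added example, not SysProt code)."""

# Constructed sample in SysProt's record format. The hidden updater.exe
# under Application Data is invented so both checks have something to report.
SAMPLE_LISTING = r"""Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 3800
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\HP_Administrator\Application Data\updater.exe
PID: 3111
Hidden: Yes
Window Visible: No
"""

# Directories installed software is expected to run from (assumption for a
# default 32-bit Windows XP layout; extend for other installs).
TRUSTED_ROOTS = ("C:\\WINDOWS\\", "C:\\Program Files\\")

# Kernel pseudo-processes that carry no image path and are always present.
PSEUDO = {"[System Idle Process]", "System"}


def parse_listing(text: str) -> list[dict[str, str]]:
    """Split the listing into one dict per blank-line-separated record."""
    records: list[dict[str, str]] = []
    current: dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(": ")
        if sep:  # the bare 'Process:' section header has no ': ' and is skipped
            current[key] = value
    if current:
        records.append(current)
    return records


def under_trusted_root(image: str) -> bool:
    """True when the image path starts with one of TRUSTED_ROOTS (case-insensitive)."""
    lowered = image.lower()
    return any(lowered.startswith(root.lower()) for root in TRUSTED_ROOTS)


def triage(text: str) -> list[str]:
    """Return one finding per hidden entry and per out-of-place image path."""
    findings: list[str] = []
    for rec in parse_listing(text):
        name, pid = rec.get("Name", ""), rec.get("PID", "?")
        if rec.get("Hidden") == "Yes":
            findings.append(f"PID {pid}: {name} is hidden from the normal process list")
        if name in PSEUDO:
            continue
        if not under_trusted_root(name):
            findings.append(f"PID {pid}: {name} runs from outside the trusted program roots")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LISTING):
        print(finding)
```

Run against the real listing above, the only path finding would be SysProt.exe on the Desktop, which is expected because the user launched the tool from there; a hit on a path like Application Data or Temp is what deserves a closer look.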

Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Sat Jun 16, 2012 4:32 pm

To add I did update Java and run JavaRA


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Sat Jun 16, 2012 7:33 pm

Please tell me how your computer is working now.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Sat Jun 16, 2012 9:08 pm

The computer seems to behave better. It's not resetting the icons anymore, for one. No redirects that I noticed today.

I will run ESET now and get back to you when it is done.

Thanks for all you've done. I want to ask for some recommendations when this is all over.

Chris


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Sun Jun 17, 2012 3:32 am

Here is the log, but ESET did not give me a full window. It was cut off a bit and I could see just enough to start it. Only the scan archives box was checked, so the 3 threats were not cleaned.

C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\lpimsc.dll.vir a variant of Win32/Medfos.AG trojan
D:\I386\APPS\APP11902\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application
D:\I386\APPS\APP11902\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Sun Jun 17, 2012 6:43 pm

Please run it again and clean the infections.


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Mon Jun 18, 2012 9:01 pm

Here 'tis. Has more infected files than last time.

C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\lpimsc.dll.vir a variant of Win32/Medfos.AG trojan cleaned by deleting - quarantined
D:\I386\APPS\APP11902\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\I386\APPS\APP11902\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP505\A0047149.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP505\A0047150.exe a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Mon Jun 18, 2012 10:14 pm

Ok. How's your computer running now? Any other issues before we clean up?


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Mon Jun 18, 2012 11:42 pm

Legitimate links in e-mails won't work, as I get a security message that says
"MICROSOFT OFFICE OUTLOOK This operation has been cancelled due to restriction in effect for your computer. Please contact your system administrator"
Don't know if that's a setting or not.

Also, I would like your recommendation for antivirus, antimalware and anti-adware programs.

I have been using MSSE, Adaware free, and MBAM free. I manually scan the last two every few days. Can I do better?


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Mon Jun 18, 2012 11:54 pm

Legitimate links in e-mails won't work, as I get a security message that says
"MICROSOFT OFFICE OUTLOOK This operation has been cancelled due to restriction in effect for your computer. Please contact your system administrator"
Don't know if that's a setting or not.
That should be just a setting that can be changed.

Also, I would like your recommendation for antivirus, antimalware and anti-adware programs.
MSE is a good AV, and the other malware scans are a good idea.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

***************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
Looking over your log, it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember: only install ONE firewall.

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
**************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 1:57 am

Thanks for everything SUPERDAVE!


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 3:50 am

DAMMIT DAVE! No internet after running IEFIX. What did I do now? Geez... Won't read flash drives either now... help


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 3:56 am

MiniToolBox by Farbar Version: 09-06-2012
Ran by HP_Administrator (administrator) on 18-06-2012 at 23:52:36
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection 3 (Disconnected)
1394 Net Adapter = 1394 Connection (Connected)
Linksys LNE100TX(v5) Fast Ethernet Adapter = Local Area Connection 5 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 5"

set address name="Local Area Connection 5" source=dhcp
set dns name="Local Area Connection 5" source=dhcp register=PRIMARY
set wins name="Local Area Connection 5" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : LIVINGROOM
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 5:

        Connection-specific DNS Suffix  . : myhome.westell.com
        Description . . . . . . . . . . . : Linksys LNE100TX(v5) Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 00-1E-E5-D6-48-45
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.3.1

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e e5 d6 48 45 ...... Linksys LNE100TX(v5) Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/18/2012 10:43:49 PM) (Source: Application Error) (User: )
Description: Faulting application pev.3xe, version 0.0.0.0, faulting module pev.3xe, version 0.0.0.0, fault address 0x0008d1c0.
Processing media-specific event for [pev.3xe!ws!]

Error: (06/18/2012 03:46:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6000

Error: (06/18/2012 03:46:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6000

Error: (06/18/2012 03:46:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2012 07:35:49 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 4.0.1526.0, P3 timeout, P4 1.1.8403.0, P5 fixed, P6 2 _ 2049+, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (06/17/2012 07:35:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4303734

Error: (06/17/2012 07:35:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4303734

Error: (06/17/2012 07:35:48 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2012 08:22:22 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.

Error: (06/14/2012 04:34:17 PM) (Source: WinMgmt) (User: )
Description: WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.


System errors:
=============
Error: (06/18/2012 11:51:13 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:10 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:10 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:10 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:09 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:09 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:07 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:07 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:06 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:00 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083


Microsoft Office Sessions:
=========================
Error: (06/18/2012 10:43:49 PM) (Source: Application Error)(User: )
Description: pev.3xe0.0.0.0pev.3xe0.0.0.00008d1c0

Error: (06/18/2012 03:46:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6000

Error: (06/18/2012 03:46:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6000

Error: (06/18/2012 03:46:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/17/2012 07:35:49 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)4.0.1526.0timeout1.1.8403.0fixed2 _ 2049+5 _ not bootNILNILNIL

Error: (06/17/2012 07:35:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4303734

Error: (06/17/2012 07:35:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4303734

Error: (06/17/2012 07:35:48 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/14/2012 08:22:22 PM) (Source: WinMgmt)(User: )
Description:

Error: (06/14/2012 04:34:17 PM) (Source: WinMgmt)(User: )
Description:


========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 3006.48 MB
Available physical RAM: 2453.02 MB
Total Pagefile: 4286.65 MB
Available Pagefile: 3881.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.57 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:270.61 GB) (Free:132.94 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.82 GB) (Free:0.57 GB) FAT32
9 Drive k: () (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
10 Drive l: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:572.96 GB) NTFS

========================= Users: ========================================

User accounts for \\LIVINGROOM

Administrator Catherine Guest
HelpAssistant HP_Administrator Jon
Jon Leonard SUPPORT_388945a0 SUPPORT_fddfa904


**** End of log ****

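The MiniToolBox log above already carries the diagnosis that the Farbar Service Scanner log in the next post confirms: the adapter has DHCP enabled but an address of 0.0.0.0, so no lease was obtained, and the listed DNS server (192.168.3.1) is not on the same /24 as the DHCP server (192.168.1.1). The Python below is an added example for this thread, not Farbar's code or anything the participants posted. It cuts a MiniToolBox-style log into the sections the tool delimits with "===== name: =====" headers and applies the checks a helper makes by eye: hosts-file entries beyond localhost, an adapter with DHCP enabled but no lease, a DNS server off the DHCP server's subnet, and repeated service start failures. The embedded log is constructed to mirror the posted one (its second hosts entry is invented so that check has something to report), and the /24 rule is a heuristic assumption about home networks, not something the tool reports.

```python
"""Triage checks over a MiniToolBox-style network log (added example, not Farbar code)."""
import re
from ipaddress import ip_address, ip_network

# Constructed sample modelled on the posted log; the update.example.test
# hosts entry is invented for the example.
SAMPLE_LOG = """\
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 update.example.test

========================= IP Configuration: ================================

Ethernet adapter Local Area Connection 5:
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 0.0.0.0
   Subnet Mask . . . . . . . . . . . : 0.0.0.0
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.3.1

========================= Event log errors: ===============================

Error: (06/18/2012 11:51:13 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083

Error: (06/18/2012 11:51:10 PM) (Source: Service Control Manager) (User: )
Description: The CryptSvc service failed to start due to the following error:
%%1083
"""

SECTION_HEADER = re.compile(r"^=+\s*(.+?):\s*=+[ \t]*$", re.M)   # '===== name: ====='
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")  # 'Key . . . : value'
ADAPTER = re.compile(r"^\S.*adapter .*:$")                        # 'Ethernet adapter X:'
SCM_FAILURE = re.compile(r"^Description: The (\S+) service failed to start", re.M)


def sections(log: str) -> dict[str, str]:
    """Map each section header name to the text that follows it."""
    parts = SECTION_HEADER.split(log)  # [preamble, name, body, name, body, ...]
    return {parts[i].strip(): parts[i + 1] for i in range(1, len(parts) - 1, 2)}


def hosts_findings(body: str) -> list[str]:
    """Report every hosts mapping other than the plain localhost line."""
    findings = []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        if ip in ("127.0.0.1", "::1") and names == ["localhost"]:
            continue
        findings.append(f"hosts: unexpected mapping {ip} -> {' '.join(names)}")
    return findings


def adapters(body: str) -> dict[str, dict[str, str]]:
    """Group ipconfig-style 'Key . . . : value' lines under their adapter header."""
    result: dict[str, dict[str, str]] = {}
    current = None
    for line in body.splitlines():
        if ADAPTER.match(line):
            current = line.rstrip(":")
            result[current] = {}
            continue
        m = FIELD.match(line)
        if m and current is not None:
            result[current][m.group(1).strip()] = m.group(2).strip()
    return result


def network_findings(body: str) -> list[str]:
    findings = []
    for name, f in adapters(body).items():
        if f.get("Dhcp Enabled") == "Yes" and f.get("IP Address", "0.0.0.0") == "0.0.0.0":
            findings.append(f"{name}: DHCP enabled but no lease (IP 0.0.0.0); "
                            "check that the Dhcp client service is running")
        dns, dhcp = f.get("DNS Servers", ""), f.get("DHCP Server", "")
        if dns and dhcp:
            try:
                # Heuristic assumption: on a home LAN the router serves both DHCP
                # and DNS, so a DNS server outside the DHCP server's /24 is odd.
                if ip_address(dns) not in ip_network(f"{dhcp}/24", strict=False):
                    findings.append(f"{name}: DNS server {dns} is not on the DHCP "
                                    f"server's subnet ({dhcp}); verify it is the router")
            except ValueError:
                findings.append(f"{name}: could not parse DNS/DHCP addresses {dns!r}/{dhcp!r}")
    return findings


def service_failures(body: str) -> dict[str, int]:
    """Count Service Control Manager 'failed to start' events per service."""
    counts: dict[str, int] = {}
    for svc in SCM_FAILURE.findall(body):
        counts[svc] = counts.get(svc, 0) + 1
    return counts


def triage(log: str) -> list[str]:
    secs = sections(log)
    findings = hosts_findings(secs.get("Hosts content", ""))
    findings += network_findings(secs.get("IP Configuration", ""))
    for svc, n in service_failures(secs.get("Event log errors", "")).items():
        findings.append(f"services: {svc} failed to start {n} time(s)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the constructed log this yields four findings: the extra hosts entry, the missing lease, the off-subnet DNS server, and CryptSvc failing to start twice. The DNS heuristic is deliberately loose; a corporate network or a manually configured public resolver will trip it, which is why the finding says "verify" rather than "remove".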

Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 4:01 am

Farbar Service Scanner Version: 09-06-2012
Ran by HP_Administrator (administrator) on 18-06-2012 at 23:58:53
Running from "C:\Documents and Settings\HP_Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 9:24 pm

Superdave, I found a restore point from early yesterday before the IEFIX mistake. Could use help in getting things closed out again please. Internet is back. Links in e-mail still disabled.


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Tue Jun 19, 2012 10:11 pm

Could use help in getting things closed out again please.
What kind of help do you need?
Won't read flash drives either now... help
Try unplugging your computer from the electrical source.


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 10:17 pm

I apologize, I should have been more specific. I need some help finding the setting that is not allowing me to click on hyperlinks in e-mail and get to the internet. I simply don't know where to look, and IEfix gorked everything until I discovered I could go back to a restore point. Fortunately I found one just before the crap storm but after you cleaned up the nasties.

I think I am in a good place with just that hyperlink thing.

Ubangy
Novice

Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Tue Jun 19, 2012 11:22 pm

Meaning it's my only remaining problem and I want it fixed. Now I did some reading while sitting here and decided to reload some DLL files. I re-registered 5 out of 6 and hyperlinks are working again ...BUT for one I get an error message that reads: "Mshtml.dll was loaded but, the Dllregisterserver entry point was not found. This file cannot be registered."

That's where I am at now.


Ubangy
Novice

Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Wed Jun 20, 2012 8:52 pm

Dave ?

Ubangy
Novice

Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Wed Jun 20, 2012 10:26 pm

The only thing I can suggest is MS Fix-It. You might also try looking for help elsewhere, in one of the other forums on this site.

Please download and run MS Fix-it from [You must be registered and logged in to see this link.]

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83181
# Likes : 0


Re: Infected by LIVE SECURITY PLATINUM

Post by Ubangy on Thu Jun 21, 2012 1:28 am

Thanks Dave, I am grateful for all your help and direction.

Ubangy
Novice

Posts : 40
Joined : 2012-06-13
OS : Win XP Media Center SP3
Points : 16861
# Likes : 0


Re: Infected by LIVE SECURITY PLATINUM

Post by Superdave on Thu Jun 21, 2012 1:36 am

You're welcome. It's too bad I couldn't help with that last part.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83181
# Likes : 0

