[Resolved] Your system is infected desktop


This topic is locked
40 replies to this topic

#31 Mii
    Authentic Member, 20 posts

Posted 28 January 2010 - 11:25 PM

ComboFix 10-01-28.05 - Owner 01/28/2010 22:55:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.232 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\combo.com.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\EventSystem.log
c:\windows\system32\5041230.dll
c:\windows\system32\702642.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.

2010-01-28 04:02 . 2010-01-28 04:02 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-4BC5110200\IETldCache
2010-01-27 03:31 . 2010-01-27 03:31 -------- d-----w- C:\_OTL
2010-01-27 01:04 . 2010-01-27 01:16 -------- d-----w- c:\program files\LALALA
2010-01-27 00:54 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 00:54 . 2010-01-27 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 00:54 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 03:48 . 2010-01-24 03:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Red Kawa
2010-01-24 03:10 . 2010-01-24 03:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Regensoft
2010-01-22 02:55 . 2010-01-22 02:55 -------- d-----w- c:\program files\Red Kawa
2010-01-19 23:37 . 2010-01-19 23:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-12 22:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-12 01:51 . 2010-01-12 01:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Music Recognition
2010-01-09 01:04 . 2010-01-09 01:06 -------- d-----w- c:\documents and settings\Owner\Application Data\ooVoo Details
2010-01-07 23:20 . 2010-01-07 23:20 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-07 03:56 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-07 03:56 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-07 03:56 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-07 03:56 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-07 03:56 . 2010-01-07 03:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-01-07 03:53 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-07 03:53 . 2009-10-07 08:43 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-07 03:53 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-07 03:52 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-07 03:51 . 2010-01-07 03:56 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-01-07 03:51 . 2010-01-08 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-01-07 03:50 . 2010-01-07 03:50 -------- d-----w- c:\program files\Logitech
2010-01-04 05:19 . 2010-01-29 05:15 -------- d-----w- c:\documents and settings\Owner\Tracing
2010-01-04 05:17 . 2010-01-04 05:17 -------- d-----w- c:\program files\Microsoft
2010-01-04 05:16 . 2010-01-04 05:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-04 05:16 . 2010-01-04 05:17 -------- d-----w- c:\program files\Windows Live
2010-01-04 05:05 . 2010-01-04 05:05 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-04 04:27 . 2010-01-04 04:27 -------- d-----w- c:\program files\Common Files\Skype
2010-01-04 04:27 . 2010-01-04 04:28 -------- d-----r- c:\program files\Skype
2010-01-01 00:00 . 2009-04-28 16:08 461824 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-01-01 00:00 . 2007-11-02 17:07 6656 ----a-w- c:\windows\system32\CoInst.dll
2010-01-01 00:00 . 2010-01-01 00:00 -------- d-----w- c:\windows\Pixart
2009-12-31 21:50 . 2009-12-31 21:50 -------- d-----w- c:\documents and settings\Taylor\Application Data\DivX
2009-12-31 21:45 . 2009-12-31 21:46 -------- d-----w- c:\documents and settings\Taylor\Application Data\ArcSoft
2009-12-30 23:55 . 2009-12-30 23:55 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-29 05:15 . 2006-11-27 22:45 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2010-01-29 05:11 . 2009-11-24 03:43 -------- d-----w- c:\documents and settings\Owner\Application Data\WTablet
2010-01-29 03:56 . 2010-01-07 17:05 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-29 03:56 . 2010-01-07 03:52 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-29 03:42 . 2006-11-12 21:07 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-29 00:45 . 2008-09-01 20:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 22:22 . 2009-06-09 19:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-01-27 21:56 . 2009-06-09 20:00 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-01-27 00:06 . 2006-06-30 04:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-27 00:04 . 2008-12-07 23:25 -------- d-----w- c:\program files\Winamp
2010-01-26 23:49 . 2010-01-26 23:53 3807232 ----a-w- c:\windows\Internet Logs\xDBB4.tmp
2010-01-26 23:49 . 2010-01-26 23:53 262144 ----a-w- c:\windows\Internet Logs\xDBB3.tmp
2010-01-25 02:26 . 2009-06-09 20:19 -------- d-----w- c:\documents and settings\Taylor\Application Data\Skype
2010-01-25 02:22 . 2009-06-09 20:20 -------- d-----w- c:\documents and settings\Taylor\Application Data\skypePM
2010-01-24 18:42 . 2006-11-27 05:36 -------- d-----w- c:\documents and settings\Taylor\Application Data\OpenOffice.org2
2010-01-22 02:56 . 2009-12-30 01:01 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-20 21:24 . 2009-07-22 22:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 04:48 . 2010-01-19 12:21 1155584 ----a-w- c:\windows\Internet Logs\xDBB2.tmp
2010-01-13 03:26 . 2009-04-07 03:10 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0
2010-01-11 05:55 . 2009-12-25 15:51 -------- d-----w- c:\program files\ArcSoft
2010-01-09 22:07 . 2006-08-30 22:13 51216 ----a-w- c:\documents and settings\Taylor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-04 04:26 . 2009-06-09 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-31 04:44 . 2006-08-06 19:29 51216 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 04:41 . 2009-12-31 14:09 840192 ----a-w- c:\windows\Internet Logs\xDBB1.tmp
2009-12-29 22:42 . 2009-06-27 22:07 -------- d-----w- c:\documents and settings\Taylor\Application Data\gtk-2.0
2009-12-29 22:37 . 2009-12-29 22:37 46848 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-29 22:34 . 2009-12-29 22:31 -------- d-----w- c:\documents and settings\Taylor\Application Data\Apple Computer
2009-12-29 04:17 . 2009-12-29 04:05 -------- d-----w- c:\program files\NCH Software
2009-12-29 04:06 . 2009-12-29 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-12-28 06:49 . 2009-12-28 06:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-12-28 06:13 . 2009-12-28 06:11 -------- d-----w- c:\program files\iTunes
2009-12-28 06:13 . 2009-12-28 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 06:11 . 2009-12-28 06:11 -------- d-----w- c:\program files\iPod
2009-12-28 06:11 . 2009-12-28 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-28 06:11 . 2009-12-28 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-28 06:10 . 2009-12-28 06:10 -------- d-----w- c:\program files\Bonjour
2009-12-28 06:10 . 2009-12-28 06:09 -------- d-----w- c:\program files\QuickTime
2009-12-28 06:08 . 2009-12-28 06:08 -------- d-----w- c:\program files\Apple Software Update
2009-12-28 06:07 . 2009-12-28 06:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-25 16:32 . 2009-12-25 16:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2009-12-25 16:01 . 2009-12-25 16:00 -------- d-----w- c:\documents and settings\Owner\Application Data\ArcSoft
2009-12-22 05:13 . 2009-12-22 05:12 -------- d-----w- c:\documents and settings\Taylor\Application Data\HpUpdate
2009-12-21 19:14 . 2004-08-26 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 17:14 . 2009-12-21 17:14 79488 ----a-w- c:\documents and settings\Taylor\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-21 05:59 . 2009-12-21 17:06 1515520 ----a-w- c:\windows\Internet Logs\xDBB0.tmp
2009-12-16 21:31 . 2007-01-30 05:08 23385342 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-12-15 02:45 . 2009-12-15 02:45 -------- d-----w- c:\program files\Veoh Networks
2009-12-15 02:24 . 2009-01-15 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp
2009-12-13 02:58 . 2009-12-13 02:58 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\WTablet
2009-12-09 06:14 . 2009-11-09 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-07 08:01 . 2009-12-07 08:01 2238 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7B4C7725-C677-43EE-BD57-68C30B150CAF}\_D64105F3D74E680CF36D93.exe
2009-12-07 08:01 . 2009-12-07 08:01 2238 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{7B4C7725-C677-43EE-BD57-68C30B150CAF}\_49A77C426E6216142CDC1D.exe
2009-12-07 05:21 . 2009-12-07 03:53 -------- d--h--w- c:\program files\InstallJammer Registry
2009-12-02 04:30 . 2009-12-02 21:26 258560 ----a-w- c:\windows\Internet Logs\xDBAF.tmp
2009-12-02 01:20 . 2009-04-07 00:36 -------- d-----w- c:\program files\GIMP-2.0
2009-11-30 22:14 . 2009-11-30 22:14 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-11-26 04:28 . 2009-11-26 14:33 595968 ----a-w- c:\windows\Internet Logs\xDBAE.tmp
2009-11-24 21:52 . 2009-11-21 21:44 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2004-08-26 16:11 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 03:05 . 2009-11-16 03:45 8704 ----a-w- c:\windows\Internet Logs\xDBC5.tmp
2009-11-16 02:54 . 2009-11-16 03:05 66560 ----a-w- c:\windows\Internet Logs\xDBAD.tmp
2009-11-16 01:58 . 2009-11-16 02:12 8704 ----a-w- c:\windows\Internet Logs\xDBAC.tmp
2009-11-16 01:49 . 2009-11-16 01:58 40960 ----a-w- c:\windows\Internet Logs\xDBAB.tmp
2009-11-16 01:34 . 2009-11-16 01:47 3156480 ----a-w- c:\windows\Internet Logs\xDBAA.tmp
2009-11-16 01:34 . 2009-11-16 01:47 22528 ----a-w- c:\windows\Internet Logs\xDBA9.tmp
2009-11-16 01:10 . 2009-11-16 01:32 16384 ----a-w- c:\windows\Internet Logs\xDBA7.tmp
2009-11-16 01:10 . 2009-11-16 01:32 3156480 ----a-w- c:\windows\Internet Logs\xDBA8.tmp
2009-11-16 00:58 . 2009-11-16 01:08 3156480 ----a-w- c:\windows\Internet Logs\xDBA6.tmp
2009-11-16 00:58 . 2009-11-16 01:08 66560 ----a-w- c:\windows\Internet Logs\xDBA5.tmp
2009-11-15 01:00 . 2009-11-15 01:02 31744 ----a-w- c:\windows\Internet Logs\xDBA4.tmp
2009-11-14 15:28 . 2009-11-14 15:47 3144192 ----a-w- c:\windows\Internet Logs\xDBA3.tmp
2009-11-14 15:28 . 2009-11-14 15:47 81920 ----a-w- c:\windows\Internet Logs\xDBA2.tmp
2009-11-13 16:48 . 2009-11-13 16:59 3143680 ----a-w- c:\windows\Internet Logs\xDBA1.tmp
2009-11-13 16:48 . 2009-11-13 16:59 35840 ----a-w- c:\windows\Internet Logs\xDBA0.tmp
2009-11-12 23:59 . 2009-11-13 16:26 3142144 ----a-w- c:\windows\Internet Logs\xDB9F.tmp
2009-11-12 23:07 . 2009-11-12 23:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 17:06 . 2009-11-12 17:10 3141632 ----a-w- c:\windows\Internet Logs\xDB9E.tmp
2009-11-12 17:06 . 2009-11-12 17:10 25088 ----a-w- c:\windows\Internet Logs\xDB9D.tmp
2009-11-12 16:52 . 2009-11-12 16:59 16384 ----a-w- c:\windows\Internet Logs\xDB9B.tmp
2009-11-12 16:44 . 2009-11-12 16:59 3141120 ----a-w- c:\windows\Internet Logs\xDB9C.tmp
2009-11-12 16:26 . 2009-11-12 16:42 22016 ----a-w- c:\windows\Internet Logs\xDB9A.tmp
2009-11-12 16:18 . 2009-11-12 16:24 24576 ----a-w- c:\windows\Internet Logs\xDB98.tmp
2009-11-12 16:18 . 2009-11-12 16:24 3141632 ----a-w- c:\windows\Internet Logs\xDB99.tmp
2009-11-12 14:52 . 2009-11-12 14:59 3142144 ----a-w- c:\windows\Internet Logs\xDB97.tmp
2009-11-12 14:52 . 2009-11-12 14:59 29696 ----a-w- c:\windows\Internet Logs\xDB96.tmp
2009-11-12 00:23 . 2009-11-12 14:33 3139072 ----a-w- c:\windows\Internet Logs\xDB95.tmp
2009-11-11 16:10 . 2009-11-11 16:15 3138560 ----a-w- c:\windows\Internet Logs\xDB94.tmp
2009-11-11 16:10 . 2009-11-11 16:15 22016 ----a-w- c:\windows\Internet Logs\xDB93.tmp
2009-11-11 16:00 . 2009-11-11 16:08 3138560 ----a-w- c:\windows\Internet Logs\xDB92.tmp
2009-11-11 15:53 . 2009-11-11 16:08 23552 ----a-w- c:\windows\Internet Logs\xDB91.tmp
2009-11-11 15:42 . 2009-11-11 15:51 3138560 ----a-w- c:\windows\Internet Logs\xDB90.tmp
2009-11-11 15:42 . 2009-11-11 15:51 22528 ----a-w- c:\windows\Internet Logs\xDB8F.tmp
2009-11-11 15:33 . 2009-11-11 15:40 22016 ----a-w- c:\windows\Internet Logs\xDB8D.tmp
2009-11-11 15:33 . 2009-11-11 15:40 3138560 ----a-w- c:\windows\Internet Logs\xDB8E.tmp
2009-11-11 15:29 . 2009-11-11 15:31 3138048 ----a-w- c:\windows\Internet Logs\xDB8C.tmp
2009-11-11 15:24 . 2009-11-11 15:31 32256 ----a-w- c:\windows\Internet Logs\xDB8B.tmp
2009-11-11 15:11 . 2009-11-11 15:22 3139072 ----a-w- c:\windows\Internet Logs\xDB8A.tmp
2009-11-11 05:06 . 2009-11-11 14:50 3137024 ----a-w- c:\windows\Internet Logs\xDB89.tmp
2009-11-11 01:07 . 2009-11-11 02:12 3136512 ----a-w- c:\windows\Internet Logs\xDB88.tmp
2009-11-10 22:10 . 2009-11-10 22:29 3136000 ----a-w- c:\windows\Internet Logs\xDB87.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]

c:\documents and settings\Taylor\Start Menu\Programs\Startup\MRI_DISABLED
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MRI_DISABLED]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AppMgmt"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58910:TCP"= 58910:TCP:Pando Media Booster
"58910:UDP"= 58910:UDP:Pando Media Booster
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [11/23/2009 9:42 PM 3032360]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [6/29/2006 10:52 PM 200576]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/23/2009 9:42 PM 15144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
.
- - - - ORPHANS REMOVED - - - -

BHO-{99756919-C498-4D97-9E20-2076DE0E42B9} - c:\documents and settings\Owner\My Documents\Avi Art\ext\eiexxpw.dll
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
SafeBoot-MRI_DISABLED\AppMgmt
MSConfigStartUp-9c5b2548 - c:\windows\system32\rarayuna.dll
MSConfigStartUp-CPM9f6816d4 - c:\windows\system32\boliraka.dll
MSConfigStartUp-gurojifori - c:\windows\system32\wakozawa.dll
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-HijackThis - c:\documents and settings\Daddy\My Documents\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 23:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\MRI_DISABLED]
"AppInit_Dlls"=multi:"c:\\windows\\system32\\boliraka.dll\00c:\\windows\\system32\\tajojeti.dll\00c:\\windows\\system32\\jukohani.dll\00c:\\WINDOWS\\system32\\pisesiro.dll\00\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-01-28 23:21:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 05:21

Pre-Run: 39,430,475,776 bytes free
Post-Run: 39,498,055,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /bootlog

- - End Of File - - FA56A237F46DB35F636CD56E8A358E89



#32 CatByte
    Classroom Administrator, 21,060 posts, MVP

Posted 29 January 2010 - 09:24 AM

Hi,

Please do the following:

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#33 Mii
    Authentic Member, 20 posts

Posted 29 January 2010 - 05:48 PM

My internet connection is so unstable and slow that it won't download the updates all the way. It just keeps getting interrupted and failing to finish.

#34 CatByte
    Classroom Administrator, 21,060 posts, MVP

Posted 29 January 2010 - 06:00 PM

Hi,

Try this scanner:


Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



#35 Mii
    Authentic Member, 20 posts

Posted 29 January 2010 - 09:53 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2e8462fddd470c44abca1cc28aa64b98
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-30 03:42:37
# local_time=2010-01-29 09:42:37 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16776854 100 77 5554468 8129968 0 0
# scanned=91345
# found=4
# cleaned=0
# scan_time=7126
C:\Program Files\Windows Live\Messenger\riched20.dll	Win32/Toolbar.MyWebSearch application	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\01262010_213119\C_WINDOWS\System32\smss32.exe	Win32/TrojanDownloader.FakeAlert.AED trojan	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\01262010_213119\C_WINDOWS\System32\warning.html	Win32/TrojanDownloader.FakeAlert.AED virus	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\01262010_213119\C_WINDOWS\System32\winlogon32.exe	Win32/TrojanDownloader.FakeAlert.AED trojan	00000000000000000000000000000000	I

Everything seems fine now, except for the fact that my laptop is still slower than usual and freezes from time to time.

#36 CatByte
    Classroom Administrator, 21,060 posts, MVP

Posted 29 January 2010 - 10:21 PM

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Program Files\Windows Live\Messenger\riched20.dll"

NEXT

Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.

Please download DDS from LINK 1 or LINK 2
and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



#37 Mii
    Authentic Member, 20 posts

Posted 30 January 2010 - 02:07 PM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 14:03:13.15 on Sat 01/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.206 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.0\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mri_di~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\owner\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-11-15 128016]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-11 486280]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 3032360]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-6-29 200576]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-11-15 317072]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-23 15144]

=============== Created Last 30 ================

2010-01-30 01:08:41 0 d-----w- c:\program files\ESET
2010-01-29 04:52:00 0 d-sha-r- C:\cmdcons
2010-01-29 04:49:29 98816 ----a-w- c:\windows\sed.exe
2010-01-29 04:49:29 77312 ----a-w- c:\windows\MBR.exe
2010-01-29 04:49:29 261632 ----a-w- c:\windows\PEV.exe
2010-01-29 04:49:29 161792 ----a-w- c:\windows\SWREG.exe
2010-01-27 03:31:19 0 d-----w- C:\_OTL
2010-01-27 01:04:09 0 d-----w- c:\program files\LALALA
2010-01-27 00:54:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-27 00:54:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-27 00:54:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 03:48:30 0 d-----w- c:\docume~1\owner\applic~1\Red Kawa
2010-01-24 03:10:13 0 d-----w- c:\docume~1\owner\applic~1\Regensoft
2010-01-22 02:55:45 0 d-----w- c:\program files\Red Kawa
2010-01-20 21:28:40 0 ----a-w- c:\documents and settings\owner\Ÿ=Ÿ=
2010-01-13 03:26:45 6915 ----a-w- c:\documents and settings\owner\.recently-used.xbel
2010-01-12 22:17:25 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 01:04:56 0 d-----w- c:\docume~1\owner\applic~1\ooVoo Details
2010-01-07 23:20:56 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-07 17:05:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-07 03:56:55 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-01-07 03:56:54 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-01-07 03:56:53 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-01-07 03:56:52 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg
2010-01-07 03:56:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-01-07 03:53:45 82289 ----a-r- c:\windows\system32\lvcoinst.ini
2010-01-07 03:53:45 34068 ----a-r- c:\windows\system32\Repository.reg
2010-01-07 03:53:45 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-01-07 03:53:45 199192 ----a-r- c:\windows\system32\lvci12101110.dll
2010-01-07 03:52:59 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-07 03:52:54 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-01-07 03:49:21 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-01-07 03:49:21 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-01-04 05:19:24 0 d-----w- c:\documents and settings\owner\Tracing
2010-01-04 05:17:25 0 d-----w- c:\program files\Microsoft
2010-01-04 05:16:49 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-04 05:05:12 0 d-----w- c:\program files\common files\Windows Live
2010-01-04 04:27:02 0 d-----r- c:\program files\Skype
2010-01-01 00:00:54 6656 ----a-w- c:\windows\system32\CoInst.dll
2010-01-01 00:00:54 461824 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-01-01 00:00:38 0 d-----w- c:\windows\Pixart

==================== Find3M ====================

2010-01-30 19:54:17 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-29 22:37:14 46848 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-11-08 07:25:50 179846 ----a-w- c:\windows\hpwins14.dat
2009-07-12 04:09:56 76923784 ----a-w- c:\program files\zaSuiteSetup_80_400_020_en.exe

============= FINISH: 14:04:58.12 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2006 6:52:17 PM
System Uptime: 1/30/2010 1:37:05 PM (1 hours ago)

Motherboard: Gateway | |
Processor: AMD Turion™ 64 Mobile Technology ML-32 | Socket 754 | 1794/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 36.405 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 4.328 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\5AB1FE0B803
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\5AB1FE0B803
Service: NIC1394

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Officejet J6400 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet J6400,192.168.2.4
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet J6400 series
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\PRINTER\0000
Service:

==== System Restore Points ===================

RP121: 11/9/2009 11:45:45 PM - Software Distribution Service 3.0
RP122: 11/12/2009 8:22:15 AM - Software Distribution Service 3.0
RP123: 11/12/2009 8:42:34 AM - Software Distribution Service 3.0
RP124: 11/12/2009 9:02:23 AM - Software Distribution Service 3.0
RP125: 11/13/2009 10:35:40 AM - Software Distribution Service 3.0
RP126: 11/14/2009 10:28:51 PM - Software Distribution Service 3.0
RP127: 11/15/2009 2:16:43 PM - Software Distribution Service 3.0
RP128: 11/16/2009 9:54:20 PM - Configured Microsoft Office Home and Student 2007 Trial
RP129: 11/17/2009 12:18:01 AM - Software Distribution Service 3.0
RP130: 11/17/2009 9:23:24 PM - Software Distribution Service 3.0
RP131: 11/19/2009 6:32:00 PM - System Checkpoint
RP132: 11/20/2009 9:58:57 PM - Software Distribution Service 3.0
RP133: 11/22/2009 3:34:00 PM - System Checkpoint
RP134: 11/23/2009 5:59:46 PM - System Checkpoint
RP135: 11/24/2009 10:52:33 PM - Software Distribution Service 3.0
RP136: 12/2/2009 10:16:20 PM - Configured Microsoft Office Home and Student 2007 Trial
RP137: 12/6/2009 1:14:53 PM - System Checkpoint
RP138: 12/6/2009 11:13:31 PM - Removed Joydesk Games Setup - Silly
RP139: 12/6/2009 11:32:15 PM - Restore Operation
RP140: 12/6/2009 11:43:53 PM - 12/05/09 11:58 PM
RP141: 12/6/2009 11:49:00 PM - Installed PC Inspector File Recovery
RP143: 12/7/2009 5:03:25 PM - Removed Joydesk Games Setup - Puzzle
RP144: 12/9/2009 12:10:02 AM - Software Distribution Service 3.0
RP145: 12/11/2009 6:51:36 PM - System Checkpoint
RP146: 12/12/2009 7:49:47 PM - System Checkpoint
RP147: 12/13/2009 7:53:59 PM - System Checkpoint
RP148: 12/15/2009 12:18:26 AM - System Checkpoint
RP149: 12/18/2009 1:46:59 PM - System Checkpoint
RP150: 12/18/2009 10:25:37 PM - Software Distribution Service 3.0
RP151: 12/20/2009 6:37:20 PM - System Checkpoint
RP152: 12/21/2009 11:07:36 PM - Removed Joydesk Games Setup - Arcade
RP154: 12/25/2009 9:51:09 AM - Installed VideoImpression
RP155: 12/25/2009 9:52:35 AM - Installed PhotoImpression
RP156: 12/25/2009 10:06:04 AM - Removed PhotoImpression
RP157: 12/25/2009 10:07:15 AM - Removed VideoImpression
RP164: 12/25/2009 10:25:25 AM - Installed VideoImpression
RP165: 12/26/2009 12:58:39 PM - System Checkpoint
RP166: 12/28/2009 12:11:14 AM - Installed iTunes
RP167: 12/29/2009 12:19:49 PM - System Checkpoint
RP173: 12/31/2009 5:31:27 PM - Removed VGA USB Camera
RP174: 12/31/2009 6:00:34 PM - Installed VGA USB Camera
RP175: 1/3/2010 10:21:17 PM - Removed Skype™ 4.0
RP176: 1/4/2010 2:17:02 PM - Software Distribution Service 3.0
RP177: 1/5/2010 7:34:39 PM - Removed VGA USB Camera
RP178: 1/6/2010 9:52:15 PM - Logitech Webcam Software v12.10.1110
RP179: 1/7/2010 5:20:48 PM - Software Distribution Service 3.0
RP180: 1/8/2010 7:04:34 PM - Installed ooVoo
RP181: 1/10/2010 11:54:56 PM - Removed VideoImpression
RP182: 1/13/2010 7:03:44 PM - Software Distribution Service 3.0
RP183: 1/13/2010 7:12:32 PM - Software Distribution Service 3.0
RP184: 1/15/2010 6:06:47 PM - System Checkpoint
RP185: 1/17/2010 5:56:37 PM - System Checkpoint
RP186: 1/19/2010 4:22:39 PM - System Checkpoint
RP187: 1/19/2010 5:44:00 PM - Software Distribution Service 3.0
RP188: 1/21/2010 7:17:12 PM - Software Distribution Service 3.0
RP189: 1/26/2010 6:06:46 PM - Removed ooVoo
RP190: 1/30/2010 10:52:41 AM - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
6400_Help
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
AniTuner
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AviSynth 2.5
BigFix
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom 802.11 Network Adapter
BufferChm
ccff7_screensaver
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
DVD Solution
ESET Online Scanner v3
eSupportQFolder
Fax
Final Fantasy X-2?????????
GIMP 2.6.6
GPBaseService
gtw_logo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Officejet J6400 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HP_Network_UserGuide
HPProductAssistant
iTunes
J6400
Japanese Fonts Support For Adobe Reader 9
Java™ 6 Update 13
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
MarketResearch
Media Player Codec Pack 3.9.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Excel 2000 Session 1
Microsoft IntelliPoint 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Application Compatibility Database
Microsoft Works
Mozilla Firefox (3.5.7)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Napster
Napster Burn Engine
Network
OCR Software by I.R.I.S. 10.0
OpenOffice.org 2.0
Pando Media Booster
Pen Tablet
PhotoScape
Pirates HV Screensaver Screen Saver
Power2Go 4.0
PowerDVD
ProductContext
PSSWCORE
QuickTime
Recovery Software Suite Gateway
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Skype web features
Skype™ 4.1
SmartWebPrintingOC
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UTAU ???????
VC 9.0 Runtime
VideoToolkit01
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm Security Suite

==== Event Viewer Messages From Past Week ========

1/29/2010 9:14:13 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer YOUR-727A0A4E7C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6AC3D9A1-394. The master browser is stopping or an election is being forced.
1/29/2010 4:48:32 PM, error: Service Control Manager [7000] - The KLIF service failed to start due to the following error: The system cannot find the file specified.
1/28/2010 7:01:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
1/28/2010 6:58:28 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/27/2010 10:04:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/27/2010 10:03:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/27/2010 10:02:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec kl1 MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant WS2IFSL
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/27/2010 10:02:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/26/2010 9:31:23 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:21 PM, error: Service Control Manager [7034] - The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:21 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:21 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:21 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:20 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:20 PM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:20 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:20 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/26/2010 9:31:20 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/26/2010 7:12:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/26/2010 7:12:14 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 7:11:38 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/26/2010 7:11:00 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
1/26/2010 7:00:25 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
1/25/2010 9:51:29 PM, error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).
1/25/2010 6:15:44 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00C0A8BC334F. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
1/24/2010 7:22:40 PM, error: Print [6161] - The document http://maps.google.c...=4717 eagle woo owned by Daddy failed to print on printer HP Officejet J6400 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 684644. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\YOUR-4BC5110200. Win32 error code returned by the print processor: 6 (0x6).

==== End Of File ===========================

So far the computer is running fine.

Edited by Mii, 30 January 2010 - 02:08 PM.


#38 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 30 January 2010 - 03:12 PM

Hi,

The logs look clean, just some housekeeping to do now.

Please do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 18 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 18 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u18 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If any logs/tools remain on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • For realtime protection against spyware, try SpywareTerminator

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Firefox, IE and Chrome.


  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
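As an added example (not part of CatByte's post or any tool the thread uses), the PowerShell function below audits the Internet Explorer ActiveX settings that the "Make Internet Explorer more secure" step asks the user to change, by reading the per-user registry values behind that dialog, and can optionally set them to the recommended levels. It assumes the documented Internet zone key (Zones\3), the value names 1001/1004/1201 and the data meanings 0=Enable, 1=Prompt, 3=Disable from Microsoft's zone-key documentation; the function name Test-InternetZoneActiveX is hypothetical.

```powershell
# Added example, not from the original thread: check (and optionally fix) the
# Internet zone ActiveX settings recommended in the post.
# Assumed: Zones\3 = Internet zone; value names 1001 (download signed ActiveX),
# 1004 (download unsigned ActiveX), 1201 (initialize/script ActiveX not marked
# safe); data 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: if a policy sets Security_HKLM_only, the HKLM copy of this key
# applies instead of the per-user key read here.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Dialog label -> registry value name and recommended data (Prompt / Disable)
$expected = @{
    'Download signed ActiveX controls'                          = @{ Name = '1001'; Want = 1 }
    'Download unsigned ActiveX controls'                        = @{ Name = '1004'; Want = 1 }
    'Initialize and script ActiveX controls not marked as safe' = @{ Name = '1201'; Want = 3 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneActiveX {
    param([switch]$Fix)   # -Fix writes the recommended value where it differs

    if (-not (Test-Path $zonePath)) { throw "Internet zone key not found: $zonePath" }
    $key = Get-ItemProperty -Path $zonePath

    foreach ($setting in $expected.Keys) {
        $valueName = $expected[$setting].Name
        $want      = $expected[$setting].Want
        $current   = $key.$valueName
        $ok        = ($null -ne $current) -and ([int]$current -eq $want)

        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $zonePath -Name $valueName -Value $want -Type DWord
        }

        $currentLabel = 'absent'
        if ($null -ne $current) {
            $currentLabel = $labels[[int]$current]
            if ($null -eq $currentLabel) { $currentLabel = "unknown ($current)" }
        }

        [pscustomobject]@{
            Setting     = $setting
            Current     = $currentLabel
            Recommended = $labels[$want]
            Compliant   = $ok
        }
    }
}

# Report only; add -Fix to apply the recommended levels for the current user.
Test-InternetZoneActiveX | Format-Table -AutoSize
```

Run it before and after following the dialog steps to confirm the change took effect for the user account that was infected.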


#39 Mii

Mii

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 31 January 2010 - 09:04 PM

Ok thank you so much~ XDD I really appreciated the help~

#40 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 31 January 2010 - 09:09 PM

You are more than welcome, stay safe :wavey: ~CB

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015



#41 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,060 posts
  • MVP

Posted 31 January 2010 - 09:10 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
