Your PC protector spyware

February 7, 2010 at 13:44:23
Specs: Windows XP
This spyware, "Your PC Protector", is doing what all of them do: keeps spamming popups, saying files are infected, and not allowing me to delete it. I can't get Malwarebytes to start either. Help please.



#1
February 7, 2010 at 15:05:12
Now all of my files, including Firefox, which took me a few minutes to loop around this program, are infected and take a long time just to open. Please help now.


#2
February 7, 2010 at 15:47:57
Tap F8 on bootup and choose Safe Mode.
Then run Malwarebytes.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
February 7, 2010 at 16:05:41
Brien, as a result of your PM I am entering the post.

You may need to download these to a CD, external drive, or USB drive and run it on the infected computer, but first try to run it from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that Rkill is an infection, do not be concerned. This message is just a fake warning given by Total PC Defender and other fake anti-malware programs when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that Rkill can terminate the program. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

Then try to run malwarebytes and post its log.




#4
February 7, 2010 at 16:58:58
I would try safemode first, it will save you LOTS of time ;-)

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#5
February 7, 2010 at 18:25:21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\busofiyo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bovenage.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\yatodode.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f384390-529d-41cd-89d3-84d091b553e1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8f384390-529d-41cd-89d3-84d091b553e1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2f296efe-8978-4044-a8a2-d5748ecd8e55} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntiSpyware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntiSpyware) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibifofol (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{2f296efe-8978-4044-a8a2-d5748ecd8e55} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hehijabow (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: bovenage.dll -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\busofiyo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bovenage.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\finetesu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gozonisi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mutemumi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\serehera.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tadovoyi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tazatetu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yatodode.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\adc32.dll (Rogue.ASCAntiSpyware) -> No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP264\A0056275.sys (Malware.Trace) -> No action taken.


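The log above is what the helpers read to decide what has to go. As an added example (not code from this thread or from Malwarebytes), the following Python script parses lines in that format and groups the detections by the autostart location they live in, which shows why the registry entries must be removed along with the DLLs; the sample lines are a subset of the log above, and the mechanism labels are the script's own wording.

```python
"""Triage a Malwarebytes' Anti-Malware scan log by persistence mechanism.
Added example, not code from this thread or from Malwarebytes. Each detection
line reads: <location> (<threat>) -> [Data: <value> ->] <action>."""
import re
from collections import defaultdict, namedtuple

# Sample input: a subset of the lines from the log posted in #5 above.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\busofiyo.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f384390-529d-41cd-89d3-84d091b553e1} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8f384390-529d-41cd-89d3-84d091b553e1} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibifofol (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hehijabow (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: bovenage.dll -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\bovenage.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\adc32.dll (Rogue.ASCAntiSpyware) -> No action taken.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP264\A0056275.sys (Malware.Trace) -> No action taken.
"""

LINE_RE = re.compile(
    r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Matched against the lower-cased location, first hit wins; labels are this example's own wording.
PERSISTENCE_RULES = (
    (r"\\currentversion\\run\\", "Run value: executed at every logon"),
    (r"\\browser helper objects\\", "Browser Helper Object: DLL loaded into Internet Explorer"),
    (r"\\sharedtaskscheduler\\", "SharedTaskScheduler: DLL loaded by Explorer at startup"),
    (r"\\shellserviceobjectdelayload\\", "ShellServiceObjectDelayLoad: DLL loaded by Explorer at startup"),
    (r"\\lsa\\notification packages$", "LSA Notification Package: DLL loaded into lsass.exe at boot"),
    (r"^hkey_classes_root\\clsid\\", "COM class registration: resolves the CLSID to the DLL"),
    (r"\\system volume information\\_restore", "System Restore snapshot: a restore would bring it back"),
)

Detection = namedtuple("Detection", "section location threat action data")


def parse_log(text):
    detections, section = [], "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank, or "(No malicious items detected)"
            continue
        if line.endswith(":"):                 # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m:
            detections.append(Detection(section, m["location"], m["threat"], m["action"], m["data"]))
    return detections


def classify(det):
    if det.section.lower().startswith("memory"):
        return "Loaded module: mapped into a running process right now"
    loc = det.location.lower()
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, loc):
            return label
    return "File on disk" if re.match(r"^[a-z]:\\", loc) else "Other registry entry"


def reloaded_files(dets):
    """Detected files that a registry entry's Data value names: the loader must go too."""
    names = {d.location.rsplit("\\", 1)[-1].lower() for d in dets
             if not d.location.upper().startswith("HKEY_")}
    refs = defaultdict(list)
    for d in dets:
        if d.data and d.data.lower() in names:
            refs[d.data.lower()].append(d.location)
    return dict(refs)


def summarize(text):
    dets = parse_log(text)
    by_mechanism = defaultdict(list)
    for d in dets:
        by_mechanism[classify(d)].append(d.location)
    return {
        "pending": sum(d.action.lower() == "no action taken" for d in dets),
        "threats": sorted({d.threat for d in dets}),
        "by_mechanism": dict(by_mechanism),
        "reloaded": reloaded_files(dets),
    }


if __name__ == "__main__":
    for mechanism, locs in summarize(SAMPLE_LOG)["by_mechanism"].items():
        print(mechanism, *locs, sep="\n  ")
```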

#6
February 7, 2010 at 19:20:44
Please tell me what I should delete.


#7
February 7, 2010 at 19:22:41
Run Malwarebytes again.


1. When the scan is complete, click OK, then Show Results to view the results.
2. Make sure that everything found is checked, and click Remove Selected.
3. If it needs to reboot, allow it to, and run Rkill again after it reboots.

Remember: your Norton antivirus, Windows Defender, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#8
February 7, 2010 at 20:49:46
ComboFix 10-02-07.06 - HP_Administrator 02/07/2010 22:29:12.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.610 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\program files\nuar.old
c:\program files\wp3.dat
c:\program files\wp4.dat
c:\windows\Tasks\rtceomvx.job
c:\windows\Tasks\terjzlxa.job
.
---- Previous Run -------
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
c:\windows\kb913800.exe
c:\windows\system32\12497.exe
c:\windows\system32\15864.exe
c:\windows\system32\19295.exe
c:\windows\system32\21571.exe
c:\windows\system32\2186.exe
c:\windows\system32\23568.exe
c:\windows\system32\24263.exe
c:\windows\system32\2491.exe
c:\windows\system32\25227.exe
c:\windows\system32\27443.exe
c:\windows\system32\28739.exe
c:\windows\system32\2884.exe
c:\windows\system32\29735.exe
c:\windows\system32\5305.exe
c:\windows\system32\6810.exe
c:\windows\system32\7508.exe
c:\windows\system32\7802.exe
c:\windows\system32\ps2.bat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-08 00:53 . 2010-02-08 00:53 -------- d--h--w- c:\windows\PIF
2010-02-07 21:39 . 2010-02-07 21:39 -------- d-----w- c:\program files\schtml
2010-02-07 21:34 . 2010-02-07 21:34 36 ----a-w- c:\program files\skynet.dat
2010-02-06 19:16 . 2010-02-06 19:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert
2010-02-06 06:27 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 06:27 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 06:27 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 06:27 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 06:27 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 06:27 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-06 06:18 . 2009-10-30 17:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 06:18 . 2009-11-09 17:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 06:18 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 06:18 . 2009-09-03 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 06:18 . 2010-02-06 18:20 -------- d-----w- c:\program files\Spyware Doctor
2010-02-06 06:18 . 2010-02-06 06:27 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-06 06:18 . 2010-02-06 06:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PC Tools
2010-02-06 06:18 . 2010-02-06 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-04 13:07 . 2010-02-04 13:07 -------- d-----w- c:\documents and settings\Kathy\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 04:40 . 2009-06-19 19:48 -------- d-----w- c:\program files\Steam
2010-02-08 04:38 . 2009-06-26 07:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-08 03:27 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mIRC
2010-02-08 03:26 . 2009-06-19 13:56 -------- d-----w- c:\program files\mIRC
2010-02-08 00:57 . 2009-12-23 04:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 22:21 . 2009-06-20 09:22 -------- d-----w- c:\program files\Warcraft III
2010-02-06 19:18 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2010-02-06 06:05 . 2010-01-01 11:38 -------- d-----w- c:\program files\SpywareBlaster
2010-01-22 13:35 . 2009-07-30 15:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-01-21 19:26 . 2009-07-02 07:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 09:23 . 2009-06-19 15:18 -------- d-----w- c:\program files\McAfee
2010-01-07 22:07 . 2009-12-23 04:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-23 04:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00 . 2009-11-15 22:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 12:00 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2010-01-01 11:59 . 2010-01-01 11:59 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-29 04:40 . 2004-08-10 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40 . 2004-08-10 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22 . 2009-12-24 09:53 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19 . 2009-12-24 09:53 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-25 01:26 . 2009-12-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-25 01:26 . 2009-12-24 09:31 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-25 01:18 . 2009-12-24 09:22 -------- d-----w- c:\program files\UnHackMe
2009-12-24 09:59 . 2009-12-24 09:59 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-24 09:31 . 2009-12-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-12-24 09:22 . 2009-12-24 09:22 2 --shatr- c:\windows\winstart.bat
2009-12-23 04:24 . 2009-12-23 04:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-12-23 04:23 . 2009-12-23 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 05:42 . 2004-08-10 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2009-06-19 16:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 23:40 . 2009-07-09 16:37 -------- d-----w- c:\program files\Common Files\Motive
2009-12-02 14:35 . 2009-12-12 04:17 755200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\pmv3052a-0912021-0-libOctoshapeClient.dll
2009-11-21 16:36 . 2004-08-10 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-31 1217808]
"Octoshape Streaming Services"="c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-18 339968]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-01 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-01 149280]

c:\documents and settings\Kathy\Start Menu\Programs\Startup\
barebones.exe [2009-10-23 4239771]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:wc3
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/6/2010 12:18 AM 207792]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/6/2010 12:27 AM 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/19/2009 9:21 AM 93320]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 10:09 PM 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/6/2010 12:18 AM 359624]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-10 12:00 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\documents and settings\HP_Administrator\Desktop\mbam-installer\explorer.exe
AddRemove-HijackThis - c:\documents and settings\HP_Administrator\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 22:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3192)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-02-07 22:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 04:47

Pre-Run: 130,334,806,016 bytes free
Post-Run: 130,443,730,944 bytes free

- - End Of File - - A4EDE1D96D18DD0CA48905069FECD6C8



#9
February 8, 2010 at 05:29:32
Are you still getting popups or being redirected?

IF not do the following.

LimeWire should be uninstalled, as it is a P2P program that allows a shared folder to be unprotected by your antivirus.

Go to start> run> type in ComboFix /Uninstall (note the space after ComboFix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next create a new restore point. Go to start> run> type in msconfig> ok> click launch system restore> check the circle beside "create a restore point"> next> name it today's date> create> click home> exit the system configuration utility> restart the computer.

Let me know how the computer is operating.

Y



#10
February 8, 2010 at 21:34:42
Besides random popups in every browser I try, and my ping in games being 20+ above normal, though these things may not be connected to this, my computer is fine.

thank you



#11
February 9, 2010 at 04:07:23
Hang in there we should be able to fix it.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.



#12
February 9, 2010 at 11:27:42
To start the Malwarebytes Anti-Malware program you'll have to recover the .EXE file extension that has been blocked by Your PC Protector.




#13
February 9, 2010 at 17:42:25
19:40:06:781 5440 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
19:40:06:781 5440 ================================================================================
19:40:06:781 5440 SystemInfo:

19:40:06:781 5440 OS Version: 5.1.2600 ServicePack: 2.0
19:40:06:781 5440 Product type: Workstation
19:40:06:781 5440 ComputerName: YOUR-4DACD0EA75
19:40:06:781 5440 UserName: HP_Administrator
19:40:06:781 5440 Windows directory: C:\WINDOWS
19:40:06:781 5440 Processor architecture: Intel x86
19:40:06:781 5440 Number of processors: 1
19:40:06:781 5440 Page size: 0x1000
19:40:06:781 5440 Boot type: Normal boot
19:40:06:781 5440 ================================================================================
19:40:06:812 5440 UnloadDriverW: NtUnloadDriver error 2
19:40:06:812 5440 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:40:06:828 5440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:40:07:015 5440 UtilityInit: KLMD drop and load success
19:40:07:015 5440 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
19:40:07:015 5440 UtilityInit: KLMD open success
19:40:07:015 5440 UtilityInit: Initialize success
19:40:07:015 5440
19:40:07:015 5440 Scanning Services ...
19:40:07:015 5440 CreateRegParser: Registry parser init started
19:40:07:015 5440 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
19:40:07:015 5440 CreateRegParser: DisableWow64Redirection error
19:40:07:015 5440 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:40:07:015 5440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
19:40:07:015 5440 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:40:07:015 5440 wfopen_ex: Trying to KLMD file open
19:40:07:015 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
19:40:07:015 5440 wfopen_ex: File opened ok (Flags 2)
19:40:07:015 5440 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: A64C70
19:40:07:015 5440 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:40:07:015 5440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
19:40:07:015 5440 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:40:07:015 5440 wfopen_ex: Trying to KLMD file open
19:40:07:015 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
19:40:07:015 5440 wfopen_ex: File opened ok (Flags 2)
19:40:07:015 5440 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: A64AE8
19:40:07:015 5440 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
19:40:07:015 5440 CreateRegParser: EnableWow64Redirection error
19:40:07:015 5440 CreateRegParser: RegParser init completed
19:40:07:375 5440 GetAdvancedServicesInfo: Raw services enum returned 368 services
19:40:07:390 5440 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:40:07:390 5440 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:40:07:390 5440
19:40:07:390 5440 Scanning Kernel memory ...
19:40:07:390 5440 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:40:07:390 5440 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 86776938
19:40:07:390 5440 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
19:40:07:390 5440
19:40:07:390 5440 DetectCureTDL3: DEVICE_OBJECT: 8623C030
19:40:07:390 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8623C030
19:40:07:390 5440 KLMD_ReadMem: Trying to ReadMemory 0x8623C030[0x38]
19:40:07:390 5440 DetectCureTDL3: DRIVER_OBJECT: 86776938
19:40:07:390 5440 KLMD_ReadMem: Trying to ReadMemory 0x86776938[0xA8]
19:40:07:390 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1002458[0x18]
19:40:07:390 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:40:07:390 5440 DetectCureTDL3: IrpHandler (0) addr: F7676C30
19:40:07:390 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (2) addr: F7676C30
19:40:07:390 5440 DetectCureTDL3: IrpHandler (3) addr: F7670D9B
19:40:07:390 5440 DetectCureTDL3: IrpHandler (4) addr: F7670D9B
19:40:07:390 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (9) addr: F7671366
19:40:07:390 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (14) addr: F767144D
19:40:07:390 5440 DetectCureTDL3: IrpHandler (15) addr: F7674FC3
19:40:07:390 5440 DetectCureTDL3: IrpHandler (16) addr: F7671366
19:40:07:390 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (22) addr: F7672EF3
19:40:07:390 5440 DetectCureTDL3: IrpHandler (23) addr: F7677A24
19:40:07:390 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:390 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:390 5440 TDL3_FileDetect: Processing driver: Disk
19:40:07:390 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:390 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:468 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:40:07:468 5440
19:40:07:468 5440 DetectCureTDL3: DEVICE_OBJECT: 86214C68
19:40:07:468 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86214C68
19:40:07:468 5440 KLMD_ReadMem: Trying to ReadMemory 0x86214C68[0x38]
19:40:07:468 5440 DetectCureTDL3: DRIVER_OBJECT: 86776938
19:40:07:468 5440 KLMD_ReadMem: Trying to ReadMemory 0x86776938[0xA8]
19:40:07:468 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1002458[0x18]
19:40:07:468 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:40:07:468 5440 DetectCureTDL3: IrpHandler (0) addr: F7676C30
19:40:07:468 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (2) addr: F7676C30
19:40:07:468 5440 DetectCureTDL3: IrpHandler (3) addr: F7670D9B
19:40:07:468 5440 DetectCureTDL3: IrpHandler (4) addr: F7670D9B
19:40:07:468 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (9) addr: F7671366
19:40:07:468 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (14) addr: F767144D
19:40:07:468 5440 DetectCureTDL3: IrpHandler (15) addr: F7674FC3
19:40:07:468 5440 DetectCureTDL3: IrpHandler (16) addr: F7671366
19:40:07:468 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (22) addr: F7672EF3
19:40:07:468 5440 DetectCureTDL3: IrpHandler (23) addr: F7677A24
19:40:07:468 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:468 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:468 5440 TDL3_FileDetect: Processing driver: Disk
19:40:07:468 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:468 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:484 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:40:07:484 5440
19:40:07:484 5440 DetectCureTDL3: DEVICE_OBJECT: 862EAC68
19:40:07:484 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 862EAC68
19:40:07:484 5440 KLMD_ReadMem: Trying to ReadMemory 0x862EAC68[0x38]
19:40:07:484 5440 DetectCureTDL3: DRIVER_OBJECT: 86776938
19:40:07:484 5440 KLMD_ReadMem: Trying to ReadMemory 0x86776938[0xA8]
19:40:07:484 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1002458[0x18]
19:40:07:484 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:40:07:484 5440 DetectCureTDL3: IrpHandler (0) addr: F7676C30
19:40:07:484 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (2) addr: F7676C30
19:40:07:484 5440 DetectCureTDL3: IrpHandler (3) addr: F7670D9B
19:40:07:484 5440 DetectCureTDL3: IrpHandler (4) addr: F7670D9B
19:40:07:484 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (9) addr: F7671366
19:40:07:484 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (14) addr: F767144D
19:40:07:484 5440 DetectCureTDL3: IrpHandler (15) addr: F7674FC3
19:40:07:484 5440 DetectCureTDL3: IrpHandler (16) addr: F7671366
19:40:07:484 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (22) addr: F7672EF3
19:40:07:484 5440 DetectCureTDL3: IrpHandler (23) addr: F7677A24
19:40:07:484 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:484 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:484 5440 TDL3_FileDetect: Processing driver: Disk
19:40:07:484 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:484 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:500 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:40:07:500 5440
19:40:07:500 5440 DetectCureTDL3: DEVICE_OBJECT: 861B5640
19:40:07:500 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861B5640
19:40:07:500 5440 KLMD_ReadMem: Trying to ReadMemory 0x861B5640[0x38]
19:40:07:500 5440 DetectCureTDL3: DRIVER_OBJECT: 86776938
19:40:07:500 5440 KLMD_ReadMem: Trying to ReadMemory 0x86776938[0xA8]
19:40:07:500 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1002458[0x18]
19:40:07:500 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:40:07:500 5440 DetectCureTDL3: IrpHandler (0) addr: F7676C30
19:40:07:500 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (2) addr: F7676C30
19:40:07:500 5440 DetectCureTDL3: IrpHandler (3) addr: F7670D9B
19:40:07:500 5440 DetectCureTDL3: IrpHandler (4) addr: F7670D9B
19:40:07:500 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (9) addr: F7671366
19:40:07:500 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (14) addr: F767144D
19:40:07:500 5440 DetectCureTDL3: IrpHandler (15) addr: F7674FC3
19:40:07:500 5440 DetectCureTDL3: IrpHandler (16) addr: F7671366
19:40:07:500 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (22) addr: F7672EF3
19:40:07:500 5440 DetectCureTDL3: IrpHandler (23) addr: F7677A24
19:40:07:500 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:500 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:500 5440 TDL3_FileDetect: Processing driver: Disk
19:40:07:500 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:500 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:515 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:40:07:515 5440
19:40:07:515 5440 DetectCureTDL3: DEVICE_OBJECT: 861ED030
19:40:07:515 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861ED030
19:40:07:515 5440 DetectCureTDL3: DEVICE_OBJECT: 863A2020
19:40:07:515 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863A2020
19:40:07:515 5440 DetectCureTDL3: DEVICE_OBJECT: 860986F0
19:40:07:515 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860986F0
19:40:07:515 5440 KLMD_ReadMem: Trying to ReadMemory 0x860986F0[0x38]
19:40:07:515 5440 DetectCureTDL3: DRIVER_OBJECT: 86095858
19:40:07:515 5440 KLMD_ReadMem: Trying to ReadMemory 0x86095858[0xA8]
19:40:07:515 5440 KLMD_ReadMem: Trying to ReadMemory 0xE18A3720[0x1E]
19:40:07:515 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:40:07:515 5440 DetectCureTDL3: IrpHandler (0) addr: F7995218
19:40:07:515 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (2) addr: F7995218
19:40:07:515 5440 DetectCureTDL3: IrpHandler (3) addr: F799523C
19:40:07:515 5440 DetectCureTDL3: IrpHandler (4) addr: F799523C
19:40:07:515 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (9) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (14) addr: F7995180
19:40:07:515 5440 DetectCureTDL3: IrpHandler (15) addr: F79909E6
19:40:07:515 5440 DetectCureTDL3: IrpHandler (16) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (22) addr: F79945F0
19:40:07:515 5440 DetectCureTDL3: IrpHandler (23) addr: F7992A6E
19:40:07:515 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:515 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:515 5440 KLMD_ReadMem: Trying to ReadMemory 0xF7991F26[0x400]
19:40:07:515 5440 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:40:07:515 5440 TDL3_FileDetect: Processing driver: usbstor
19:40:07:515 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:515 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:531 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:40:07:531 5440
19:40:07:531 5440 DetectCureTDL3: DEVICE_OBJECT: 8615A120
19:40:07:531 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8615A120
19:40:07:531 5440 DetectCureTDL3: DEVICE_OBJECT: 86322C40
19:40:07:531 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86322C40
19:40:07:531 5440 DetectCureTDL3: DEVICE_OBJECT: 860D8EA0
19:40:07:531 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 860D8EA0
19:40:07:531 5440 KLMD_ReadMem: Trying to ReadMemory 0x860D8EA0[0x38]
19:40:07:531 5440 DetectCureTDL3: DRIVER_OBJECT: 86095858
19:40:07:531 5440 KLMD_ReadMem: Trying to ReadMemory 0x86095858[0xA8]
19:40:07:531 5440 KLMD_ReadMem: Trying to ReadMemory 0xE18A3720[0x1E]
19:40:07:531 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:40:07:531 5440 DetectCureTDL3: IrpHandler (0) addr: F7995218
19:40:07:531 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (2) addr: F7995218
19:40:07:531 5440 DetectCureTDL3: IrpHandler (3) addr: F799523C
19:40:07:531 5440 DetectCureTDL3: IrpHandler (4) addr: F799523C
19:40:07:531 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (9) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (14) addr: F7995180
19:40:07:531 5440 DetectCureTDL3: IrpHandler (15) addr: F79909E6
19:40:07:531 5440 DetectCureTDL3: IrpHandler (16) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (22) addr: F79945F0
19:40:07:531 5440 DetectCureTDL3: IrpHandler (23) addr: F7992A6E
19:40:07:531 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:531 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:531 5440 KLMD_ReadMem: Trying to ReadMemory 0xF7991F26[0x400]
19:40:07:531 5440 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:40:07:531 5440 TDL3_FileDetect: Processing driver: usbstor
19:40:07:531 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:531 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:546 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:40:07:546 5440
19:40:07:546 5440 DetectCureTDL3: DEVICE_OBJECT: 8618F320
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8618F320
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 863CA480
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863CA480
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 86396EA0
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86396EA0
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0x86396EA0[0x38]
19:40:07:562 5440 DetectCureTDL3: DRIVER_OBJECT: 86095858
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0x86095858[0xA8]
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0xE18A3720[0x1E]
19:40:07:562 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:40:07:562 5440 DetectCureTDL3: IrpHandler (0) addr: F7995218
19:40:07:562 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (2) addr: F7995218
19:40:07:562 5440 DetectCureTDL3: IrpHandler (3) addr: F799523C
19:40:07:562 5440 DetectCureTDL3: IrpHandler (4) addr: F799523C
19:40:07:562 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (9) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (14) addr: F7995180
19:40:07:562 5440 DetectCureTDL3: IrpHandler (15) addr: F79909E6
19:40:07:562 5440 DetectCureTDL3: IrpHandler (16) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (22) addr: F79945F0
19:40:07:562 5440 DetectCureTDL3: IrpHandler (23) addr: F7992A6E
19:40:07:562 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0xF7991F26[0x400]
19:40:07:562 5440 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:40:07:562 5440 TDL3_FileDetect: Processing driver: usbstor
19:40:07:562 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:562 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:562 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:40:07:562 5440
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 8631D030
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8631D030
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 861D5020
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 861D5020
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 863B87B0
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 863B87B0
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0x863B87B0[0x38]
19:40:07:562 5440 DetectCureTDL3: DRIVER_OBJECT: 86095858
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0x86095858[0xA8]
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0xE18A3720[0x1E]
19:40:07:562 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
19:40:07:562 5440 DetectCureTDL3: IrpHandler (0) addr: F7995218
19:40:07:562 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (2) addr: F7995218
19:40:07:562 5440 DetectCureTDL3: IrpHandler (3) addr: F799523C
19:40:07:562 5440 DetectCureTDL3: IrpHandler (4) addr: F799523C
19:40:07:562 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (9) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (14) addr: F7995180
19:40:07:562 5440 DetectCureTDL3: IrpHandler (15) addr: F79909E6
19:40:07:562 5440 DetectCureTDL3: IrpHandler (16) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (22) addr: F79945F0
19:40:07:562 5440 DetectCureTDL3: IrpHandler (23) addr: F7992A6E
19:40:07:562 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0xF7991F26[0x400]
19:40:07:562 5440 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:40:07:562 5440 TDL3_FileDetect: Processing driver: usbstor
19:40:07:562 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:562 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:40:07:562 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:40:07:562 5440
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 86771C68
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86771C68
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0x86771C68[0x38]
19:40:07:562 5440 DetectCureTDL3: DRIVER_OBJECT: 86776938
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0x86776938[0xA8]
19:40:07:562 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1002458[0x18]
19:40:07:562 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:40:07:562 5440 DetectCureTDL3: IrpHandler (0) addr: F7676C30
19:40:07:562 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (2) addr: F7676C30
19:40:07:562 5440 DetectCureTDL3: IrpHandler (3) addr: F7670D9B
19:40:07:562 5440 DetectCureTDL3: IrpHandler (4) addr: F7670D9B
19:40:07:562 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (9) addr: F7671366
19:40:07:562 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (14) addr: F767144D
19:40:07:562 5440 DetectCureTDL3: IrpHandler (15) addr: F7674FC3
19:40:07:562 5440 DetectCureTDL3: IrpHandler (16) addr: F7671366
19:40:07:562 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (22) addr: F7672EF3
19:40:07:562 5440 DetectCureTDL3: IrpHandler (23) addr: F7677A24
19:40:07:562 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:562 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:562 5440 TDL3_FileDetect: Processing driver: Disk
19:40:07:562 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:562 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:562 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:40:07:562 5440
19:40:07:562 5440 DetectCureTDL3: DEVICE_OBJECT: 86772C68
19:40:07:562 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86772C68
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0x86772C68[0x38]
19:40:07:578 5440 DetectCureTDL3: DRIVER_OBJECT: 86776938
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0x86776938[0xA8]
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1002458[0x18]
19:40:07:578 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
19:40:07:578 5440 DetectCureTDL3: IrpHandler (0) addr: F7676C30
19:40:07:578 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (2) addr: F7676C30
19:40:07:578 5440 DetectCureTDL3: IrpHandler (3) addr: F7670D9B
19:40:07:578 5440 DetectCureTDL3: IrpHandler (4) addr: F7670D9B
19:40:07:578 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (9) addr: F7671366
19:40:07:578 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (14) addr: F767144D
19:40:07:578 5440 DetectCureTDL3: IrpHandler (15) addr: F7674FC3
19:40:07:578 5440 DetectCureTDL3: IrpHandler (16) addr: F7671366
19:40:07:578 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (22) addr: F7672EF3
19:40:07:578 5440 DetectCureTDL3: IrpHandler (23) addr: F7677A24
19:40:07:578 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:578 5440 TDL3_FileDetect: Processing driver: Disk
19:40:07:578 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:578 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
19:40:07:578 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:40:07:578 5440
19:40:07:578 5440 DetectCureTDL3: DEVICE_OBJECT: 86745AB8
19:40:07:578 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86745AB8
19:40:07:578 5440 DetectCureTDL3: DEVICE_OBJECT: 86746978
19:40:07:578 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86746978
19:40:07:578 5440 DetectCureTDL3: DEVICE_OBJECT: 8678F030
19:40:07:578 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8678F030
19:40:07:578 5440 DetectCureTDL3: DEVICE_OBJECT: 8676A940
19:40:07:578 5440 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8676A940
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0x8676A940[0x38]
19:40:07:578 5440 DetectCureTDL3: DRIVER_OBJECT: 8677AF38
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0x8677AF38[0xA8]
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0xE1010298[0x1A]
19:40:07:578 5440 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:40:07:578 5440 DetectCureTDL3: IrpHandler (0) addr: F7388572
19:40:07:578 5440 DetectCureTDL3: IrpHandler (1) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (2) addr: F7388572
19:40:07:578 5440 DetectCureTDL3: IrpHandler (3) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (4) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (5) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (6) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (7) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (8) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (9) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (10) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (11) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (12) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (13) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (14) addr: F7388592
19:40:07:578 5440 DetectCureTDL3: IrpHandler (15) addr: F73847B4
19:40:07:578 5440 DetectCureTDL3: IrpHandler (16) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (17) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (18) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (19) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (20) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (21) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (22) addr: F73885BC
19:40:07:578 5440 DetectCureTDL3: IrpHandler (23) addr: F738F164
19:40:07:578 5440 DetectCureTDL3: IrpHandler (24) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (25) addr: 804F4476
19:40:07:578 5440 DetectCureTDL3: IrpHandler (26) addr: 804F4476
19:40:07:578 5440 KLMD_ReadMem: Trying to ReadMemory 0xF73857C6[0x400]
19:40:07:578 5440 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
19:40:07:578 5440 TDL3_FileDetect: Processing driver: atapi
19:40:07:578 5440 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
19:40:07:578 5440 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
19:40:07:593 5440 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
19:40:07:593 5440
19:40:07:593 5440 Completed
19:40:07:593 5440
19:40:07:593 5440 Results:
19:40:07:593 5440 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:40:07:593 5440 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:40:07:593 5440 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:40:07:593 5440
19:40:07:593 5440 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
19:40:07:593 5440 UtilityDeinit: KLMD(ARK) unloaded successfully



#14
February 9, 2010 at 18:35:31
That log was clean.

Open Malwarebytes > click the Logs tab > double-click the second log I asked you to run > copy and post it, please.

The following DDS log will hopefully help find the files causing the redirects: most recently changed files, registry entries, etc.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

* Save both reports to your desktop
* Please include the following logs in your next reply: DDS.txt and Attach.txt

Also run the following program for a more extensive rootkit search.

Download GMER from the following location and save it to your desktop.

GMER.exe


1. Right-click on the gmer.zip icon and select the Extract all
You will be shown a screen asking how you would like to extract the file. Just keep pressing the Next button until you get to the last screen and then press the Finish button to finish the extraction process. The GMER folder should automatically open and you will see that it contains the file called gmer.exe.

2. Please double-click on the gmer.exe program. Once you double-click the icon a Windows security warning may appear asking if you are sure you would like to run the program. If this warning appears, please click on the Run button to allow GMER to start. If no warning appeared then you should just continue with the guide.

3. You will now see the main GMER window. If it gives you a warning about rootkit activity and asks if you want to run a full scan, please click on the NO button. We now need to configure GMER to not use some settings. Please uncheck the following settings that we do not want in our scan.
•Sections
•IAT/EAT
•Drives/Partition other than Systemdrive, which is typically C:\
•Show All (This is important, so do not miss it.)
4. Click on the Scan button to scan your computer for rootkits. This may take a while, so please be patient.
5. You now need to save the rootkit scan report to your Desktop by clicking on the Save button. A screen will open asking where you would like to save the report. Choose to save it to the desktop, then in the file name field type help.txt

Finally, press the Save button to save the report to your desktop then post the results.

Please do not act on any of the information you find in this report as many legitimate programs could be listed in it.



#15
February 9, 2010 at 18:46:59
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/9/2010 12:04:10 AM
mbam-log-2010-02-09 (00-04-10).txt

Scan type: Quick Scan
Objects scanned: 128599
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\zopiwahe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tanokoge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wavowibi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yapipije.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f384390-529d-41cd-89d3-84d091b553e1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f384390-529d-41cd-89d3-84d091b553e1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65b3bde0-a00c-4c10-b174-d32066401a93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibifofol (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{65b3bde0-a00c-4c10-b174-d32066401a93} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sepebijag (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lokusamimu (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: tanokoge.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: wavowibi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yapipije.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yapipije.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zopiwahe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\berikeki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pomijowu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tanokoge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vagivoho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wavowibi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yapipije.dll (Trojan.Vundo.H) -> Delete on reboot.



#16
February 9, 2010 at 19:04:33
From your post# 5:

besides random popups in every browser i try and my ping in games is 20+ above normal, which these things are not connected to this, my computer is fine.

Does this mean you are not being redirected and the popups are not malware? If you are not being redirected and are not getting porn/must-buy type popups then your computer is clean and we only need to do some minor cleanup.

Let me know please as the scans look to be clean.



#17
February 9, 2010 at 19:43:24
Not redirected, but just a new window pops up related to what I typed or a site I visited and says YOUR A WINNER or GET THIS DEGREE. And how am I getting all these trojans? Last night I scanned twice and by the 2nd I had 0 infections, and now I'm scanning with Malwarebytes and I already got 15. What could cause this?


#18
February 9, 2010 at 19:52:16
Post the malwarebytes log when its run is complete and maybe we can determine what it is.

These popups "YOUR A WINNER or GET THIS DEGREE" are not trojans but ads that can usually be stopped with a popup stopper of some type.



#19
February 9, 2010 at 20:04:11

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 22:00:33.84 on Tue 02/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.381 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Octoshape Streaming Services] "c:\documents and settings\hp_administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\hp_administrator\desktop\mbam-installer\explorer.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: wavowibi.dll c:\windows\system32\yapipije.dll jidizone.dll c:\windows\system32\vomuganu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli tanokoge.dll difasadi.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-6 207792]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-6 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-19 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-19 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-19 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-19 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-19 40552]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-19 34248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-6 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-6 1141712]

=============== Created Last 30 ================

2010-02-10 01:21:06 5 ----a-w- c:\windows\system32\Band4
2010-02-10 01:21:05 6 ----a-w- c:\windows\system32\ClassU
2010-02-09 04:41:26 0 dc-h--w- c:\windows\ie8
2010-02-08 00:53:50 0 d--h--w- c:\windows\PIF
2010-02-07 21:39:05 0 d-----w- c:\program files\schtml
2010-02-07 21:34:37 36 ----a-w- c:\program files\skynet.dat
2010-02-06 06:27:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-06 06:27:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 06:27:12 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-06 06:27:12 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-06 06:27:12 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 06:27:12 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 06:27:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 06:27:12 131 ----a-w- c:\windows\IDB.zip
2010-02-06 06:27:12 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 06:18:50 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-06 06:18:50 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 06:18:28 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 06:18:28 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-06 06:18:28 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-06 06:18:28 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 06:18:12 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-06 06:18:12 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 06:18:06 0 d-----w- c:\program files\Spyware Doctor
2010-02-06 06:18:06 0 d-----w- c:\program files\common files\PC Tools
2010-02-06 06:18:06 0 d-----w- c:\docume~1\hp_adm~1\applic~1\PC Tools
2010-02-06 06:18:06 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-29 04:40:35 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22:20 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19:28 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-22 05:42:48 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:42:45 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-22 05:42:44 1054208 ----a-w- c:\windows\system32\dllcache\danim.dll
2009-12-22 05:42:43 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-12-22 05:42:43 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-12-16 12:57:07 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2009-12-08 09:13:51 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-11-21 16:36:13 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll

============= FINISH: 22:01:27.84 ===============


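As an added example (not code from the thread, from Malwarebytes or from DDS), the Python script below cross-checks the Malwarebytes detections posted in #15 against the persistence lines of the DDS "Pseudo HJT Report" posted in #19. It lists which detected DLLs are still waiting on a reboot and which DLL names sitting in AppInit_DLLs, SSODL or the LSA Notification Packages were not reported by Malwarebytes at all, which is exactly the kind of cross-reference a helper does by eye when "the log was clean" but the DDS report still shows unfamiliar DLL names. The sample inputs are a constructed subset of the lines in those two posts; the line shapes it assumes (`object (detection) -> [Data: x ->] action.` for Malwarebytes, and the `AppInit_DLLs:`, `SSODL:` and `LSA: Notification Packages =` prefixes for DDS) are taken from the posts themselves.

```python
"""Cross-check Malwarebytes detections against DDS persistence entries.

Added example for the thread above; not code from Malwarebytes, DDS or
the forum. Sample inputs are a constructed subset of the logs in posts
#15 and #19, kept in the exact line shapes those tools print.
"""
import re

# Constructed sample: a subset of the Malwarebytes log lines from post #15.
MBAM_SAMPLE = r"""
Memory Modules Infected:
C:\WINDOWS\system32\zopiwahe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tanokoge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wavowibi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\yapipije.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: tanokoge.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yapipije.dll -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\zopiwahe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\berikeki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# Constructed sample: the persistence lines from the DDS Pseudo HJT Report in post #19.
DDS_SAMPLE = r"""
AppInit_DLLs: wavowibi.dll c:\windows\system32\yapipije.dll jidizone.dll c:\windows\system32\vomuganu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli tanokoge.dll difasadi.dll
"""

# DDS line prefixes that name auto-loaded DLLs (the persistence points Vundo used here).
DDS_PERSISTENCE_PREFIXES = {
    "AppInit_DLLs:": "AppInit_DLLs",
    "LSA: Notification Packages =": "LSA Notification Packages",
    "SSODL:": "SSODL",
}
HEAD_RE = re.compile(r"^(.*) \(([^()]+)\)$")      # "object (detection)"
DLL_RE = re.compile(r"\S+\.dll", re.IGNORECASE)   # any token ending in .dll


def basename(path):
    """Lower-cased file name from a Windows path or a bare name."""
    return path.replace("/", "\\").split("\\")[-1].lower()


def parse_mbam(text):
    """Parse 'object (detection) [-> Data: x] -> action.' lines into dicts."""
    items, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):          # section header such as "Files Infected:"
            section = line[:-1]
            continue
        if " -> " not in line:
            continue
        parts = [p.strip() for p in line.split(" -> ")]
        m = HEAD_RE.match(parts[0])
        if not m:
            continue
        data = next((p[len("Data: "):] for p in parts[1:-1] if p.startswith("Data: ")), None)
        items.append({
            "section": section,
            "object": m.group(1),
            "detection": m.group(2),
            "data": data,
            "action": parts[-1].rstrip("."),
            # for registry data items the DLL is in "Data:", otherwise in the object path
            "name": basename(data if data else m.group(1)),
        })
    return items


def parse_dds_persistence(text):
    """Map each persistence point in a DDS report to the DLL names it loads."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        for prefix, key in DDS_PERSISTENCE_PREFIXES.items():
            if line.startswith(prefix):
                names = [basename(t) for t in DLL_RE.findall(line[len(prefix):])]
                found.setdefault(key, []).extend(names)
    return found


def correlate(mbam_items, dds_persistence):
    """Which DLLs still need a reboot, and which persistence DLLs MBAM never reported."""
    actions = {}
    for it in mbam_items:
        if it["name"].endswith(".dll"):
            actions.setdefault(it["name"], set()).add(it["action"])
    pending = sorted(n for n, a in actions.items() if "Delete on reboot" in a)
    undetected = {}
    for key, names in dds_persistence.items():
        missing = sorted(set(names) - set(actions))
        if missing:
            undetected[key] = missing
    return {"pending_reboot": pending, "undetected": undetected}


if __name__ == "__main__":
    report = correlate(parse_mbam(MBAM_SAMPLE), parse_dds_persistence(DDS_SAMPLE))
    print("Still pending reboot:", ", ".join(report["pending_reboot"]))
    for key, names in report["undetected"].items():
        print(f"{key}: not in the MBAM log, review manually: {', '.join(names)}")
```

The "undetected" list is a review queue, not a verdict: on the sample it surfaces jidizone.dll, vomuganu.dll and difasadi.dll (names that appear only in the DDS persistence lines), but it also surfaces WPDShServiceObj.dll, a normal Windows component, simply because Malwarebytes had no reason to mention it. That matches the thread's own caution that legitimate programs show up in these reports and nothing in them should be acted on blindly.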

#20
February 9, 2010 at 20:04:29

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/19/2009 2:01:39 PM
System Uptime: 2/9/2010 9:53:00 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 123.707 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.121 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP312: 2/8/2010 10:20:08 PM - System Checkpoint
RP313: 2/8/2010 10:20:36 PM - 2/8/2010
RP314: 2/8/2010 10:40:28 PM - Installed MSN Toolbar
RP315: 2/8/2010 10:42:28 PM - Installed Windows Internet Explorer 8.

==== Installed Programs ======================

2Wire Wireless Client
5 Card Slingo from HP Media Center (remove only)
AAC Decoder
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
AT&T Yahoo! Activation
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AutoUpdate
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
Browser Defender 2.0.6.15
BufferChm
CameraDrivers
Chuzzle Deluxe from HP Media Center (remove only)
Counter-Strike
Counter-Strike: Source
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Day of Defeat
Day of Defeat: Source
Destinations
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
eSupportQFolder
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Fraps
FrostWire 4.18.0
GemMaster Mystic
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 7.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart and Deskjet 7.0.A
HP Photosmart Cameras 5.0
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InstantShareDevicesMFC
InterVideo WinDVD Player
iPod To Computer Transfer 5.4
iTunes
Java(TM) 6 Update 17
League of Legends
Left 4 Dead 2 Demo
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.5.7)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Octoshape Streaming Services
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContextNPI
PS2
PSPrinters08
PSTAPlugin
PunkBuster Services
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quake Live Mozilla Plugin
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Spyware Doctor 7.0
SpywareBlaster 4.2
Status
Steam
Super Granny from HP Media Center (remove only)
Team Fortress 2
Toolbox
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
Ventrilo Client
Warcraft III
WebFldrs XP
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar
Zuma Deluxe from HP Media Center (remove only)

==== End Of File ===========================



#21
February 10, 2010 at 04:03:52
Run Malwarebytes again and post its log please.


#22
February 10, 2010 at 14:31:14
Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2/9/2010 9:49:23 PM
mbam-log-2010-02-09 (21-49-19).txt

Scan type: Quick Scan
Objects scanned: 129997
Time elapsed: 12 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jidizone.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vomuganu.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{11b8bcc9-7f85-4e60-9173-34e6c7fccfe9} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibifofol (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{11b8bcc9-7f85-4e60-9173-34e6c7fccfe9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sagevaned (Trojan.Vundo.H) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: difasadi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vomuganu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vomuganu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\difasadi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geniweji.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jidizone.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nanayese.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\suhidonu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vomuganu.dll (Trojan.Vundo.H) -> No action taken.



#23
February 10, 2010 at 16:04:01
Also, do you have a suggestion for an anti-malware system that prevents infection?


#24
February 10, 2010 at 19:31:23
Brien, I see where the baddie is regenerating from, but we will need the exact file names, and as you can see they morph rather quickly, so once you run these scans and post their logs do not restart the computer. Malwarebytes may need to restart, so allow it to do that.

First go offline and disable your McAfee Antivirus and Spyware Doctor.

Then open Malwarebytes > click the log tab > click remove all.

Next run a Malwarebytes scan, remembering to do this:

1. When the scan is complete, click OK, then Show Results to view the results.
2. Make sure that everything found is checked, and click Remove Selected.

Then run DDS again following all previous directions and post its log.

Be sure you re-enable your protection before getting back online.



#25
February 10, 2010 at 21:41:08
DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 23:32:24.37 on Wed 02/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.232 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Documents and Settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
c:\program files\steam\steamapps\chronic_gamer@hotmail.com\counter-strike source\hl2.exe
C:\program files\steam\GameOverlayUI.exe
C:\WINDOWS\system32\notepad.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://www.msn.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Octoshape Streaming Services] "c:\documents and settings\hp_administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\documents and settings\hp_administrator\desktop\mbam-installer\explorer.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: wavowibi.dll c:\windows\system32\yapipije.dll jidizone.dll c:\windows\system32\vomuganu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli tanokoge.dll difasadi.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-6 207792]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-6 112592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-19 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-19 35272]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-19 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-19 40552]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-6 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-6 1141712]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-19 606736]

=============== Created Last 30 ================

2010-02-10 01:21:06 5 ----a-w- c:\windows\system32\Band4
2010-02-10 01:21:05 6 ----a-w- c:\windows\system32\ClassU
2010-02-09 04:41:26 0 dc-h--w- c:\windows\ie8
2010-02-08 00:53:50 0 d--h--w- c:\windows\PIF
2010-02-07 21:39:05 0 d-----w- c:\program files\schtml
2010-02-07 21:34:37 36 ----a-w- c:\program files\skynet.dat
2010-02-06 06:27:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-06 06:27:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-06 06:27:12 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-06 06:27:12 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-06 06:27:12 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-06 06:27:12 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-06 06:27:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-06 06:27:12 131 ----a-w- c:\windows\IDB.zip
2010-02-06 06:27:12 1152444 ----a-w- c:\windows\UDB.zip
2010-02-06 06:18:50 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-06 06:18:50 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-06 06:18:28 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-06 06:18:28 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-06 06:18:28 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-06 06:18:28 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-06 06:18:12 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-06 06:18:12 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-06 06:18:06 0 d-----w- c:\program files\Spyware Doctor
2010-02-06 06:18:06 0 d-----w- c:\program files\common files\PC Tools
2010-02-06 06:18:06 0 d-----w- c:\docume~1\hp_adm~1\applic~1\PC Tools
2010-02-06 06:18:06 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-29 04:40:35 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22:20 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19:28 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-22 05:42:48 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:42:45 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-22 05:42:44 1054208 ----a-w- c:\windows\system32\dllcache\danim.dll
2009-12-22 05:42:43 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-12-22 05:42:43 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-12-16 12:57:07 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2009-12-08 09:13:51 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-11-21 16:36:13 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll

============= FINISH: 23:32:57.85 ===============
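
The helper's remark in #24 that the infection is regenerating points at the AppInit_DLLs and LSA Notification Packages entries in the DDS log above. As an added example (not from the thread, and not output of DDS, Malwarebytes or ComboFix), this Python script parses those log excerpts, flags every module registered in the two locations, and separates the names Malwarebytes already reported from the ones it has not; the single-`scecli` baseline for the LSA value is an assumption about a stock XP install.

```python
"""Triage the persistence entries in the Malwarebytes and DDS log excerpts
posted in this thread: list every module registered under AppInit_DLLs or
LSA Notification Packages and show which of them Malwarebytes has already
attributed to Trojan.Vundo.H.

Added example; it is not part of the thread or of either tool's output."""
import re

# Constructed input: the persistence-related lines copied from the
# Malwarebytes log (post #22) and the DDS log (post #25) above.
MBAM_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kibifofol (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: difasadi.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vomuganu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
C:\WINDOWS\system32\difasadi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\geniweji.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jidizone.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nanayese.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\suhidonu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vomuganu.dll (Trojan.Vundo.H) -> No action taken.
"""

DDS_SAMPLE = r"""
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: wavowibi.dll c:\windows\system32\yapipije.dll jidizone.dll c:\windows\system32\vomuganu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli tanokoge.dll difasadi.dll
"""

# One Malwarebytes detection line:  <location> (<threat>) -> [Data: <value> -> ]<action>
# The threat name must start with a letter so "(1)" in "Bad: (1) Good: (0)" is not taken for it.
MBAM_LINE = re.compile(
    r"^(?P<where>.+) \((?P<threat>[A-Za-z][\w.]*)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>.+)$"
)

# Assumption: a stock XP install registers only scecli as an LSA notification
# package; extend this set if your build legitimately carries more.
LSA_BASELINE = {"scecli.dll"}


def dll_name(entry: str) -> str:
    """Normalise a module reference (bare name, full path, or extension-less
    LSA package name such as 'scecli') to a lower-case file name."""
    name = entry.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name if "." in name else name + ".dll"


def parse_dds(text: str):
    """Return (AppInit_DLLs entries, LSA Notification Packages entries) from the
    Pseudo HJT section of a DDS log.  DDS prints both values space-separated,
    so a path containing spaces would be split; none appear in this log."""
    appinit, lsa = [], []
    for line in text.splitlines():
        if line.startswith("AppInit_DLLs:"):
            appinit = line.split(":", 1)[1].split()
        elif line.startswith("LSA: Notification Packages ="):
            lsa = line.split("=", 1)[1].split()
    return appinit, lsa


def mbam_module_names(text: str) -> set:
    """File names Malwarebytes attributed to a threat, whether the hit was the
    file itself or a registry value whose data points at it."""
    names = set()
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue
        for field in (m["where"], m["data"]):
            if field and field.lower().endswith(".dll"):
                names.add(dll_name(field))
    return names


def persistence_report(dds_text: str, mbam_text: str) -> dict:
    """Flag every AppInit_DLLs entry (the value is empty on a stock XP install)
    and every LSA notification package outside the baseline, then split the
    flagged names into those Malwarebytes already reported and those it did not."""
    appinit, lsa = parse_dds(dds_text)
    flagged = {dll_name(e) for e in appinit}
    flagged |= {dll_name(e) for e in lsa} - LSA_BASELINE
    known = mbam_module_names(mbam_text)
    return {
        "flagged": flagged,
        "reported_by_mbam": flagged & known,
        "not_yet_reported": flagged - known,
    }


if __name__ == "__main__":
    for key, names in persistence_report(DDS_SAMPLE, MBAM_SAMPLE).items():
        print(f"{key}: {', '.join(sorted(names)) or '-'}")
```

The six flagged names are exactly the DLLs the helper goes on to list under File:: in the ComboFix script in #28, three of which Malwarebytes had not yet reported.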



#26
February 10, 2010 at 21:41:21

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/19/2009 2:01:39 PM
System Uptime: 2/10/2010 4:51:33 PM (7 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 123.483 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.121 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP312: 2/8/2010 10:20:08 PM - System Checkpoint
RP313: 2/8/2010 10:20:36 PM - 2/8/2010
RP314: 2/8/2010 10:40:28 PM - Installed MSN Toolbar
RP315: 2/8/2010 10:42:28 PM - Installed Windows Internet Explorer 8.
RP316: 2/10/2010 5:09:07 PM - System Checkpoint

==== Installed Programs ======================

[Installed Programs list identical to the one posted earlier in the thread]

==== End Of File ===========================


#27
February 11, 2010 at 02:04:03
To run Malwarebytes and remove Your PC Protector, you can either rename it or boot into Safe Mode as instructed here: http://www.im-infected.com/rogue/yo...

#28
February 11, 2010 at 04:07:50
Re-download ComboFix and run it, and remember that McAfee and Spyware Doctor must be off for it to run properly.

Then do this:


Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\vomuganu.dll
c:\windows\system32\jidizone.dll
c:\windows\system32\wavowibi.dll
c:\windows\system32\difasadi.dll
c:\windows\system32\tanokoge.dll
c:\windows\system32\yapipije.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".


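The Registry:: block in the script above is the part that matters most for persistence: LSASS loads every DLL named in HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages at boot, inside lsass.exe as SYSTEM, before any user logs on, so a DLL planted there comes back on every restart no matter how many copies get deleted from system32. Resetting the value to the Windows XP default, scecli, is what breaks that. The Python below is an added example for this thread (not code from the thread, from ComboFix, or from any of the helpers) that audits the value the same way: it lists every entry, marks anything beyond the default as suspect, and checks whether the named DLL is actually on disk. The DEFAULT_PACKAGES set, the rule that a bare name resolves against system32 with ".dll" appended, and the fallback list "scecli", "vomuganu" (the second name borrowed from the File:: list above) are assumptions made for the example; read_live_packages() only touches the registry on Windows.

```python
r"""Audit the LSA "Notification Packages" value that the CFScript above resets.

Added example for this thread; not code from the thread or from ComboFix.
LSASS loads every DLL named under
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages at boot,
inside lsass.exe as SYSTEM, so a DLL planted there survives reboots.
"""
import sys
from typing import Callable, Dict, List, Optional

LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_NAME = "Notification Packages"
SYSTEM32 = r"c:\windows\system32"

# Windows XP ships with scecli alone. Assumption: anything else is suspect;
# a server running RRAS may legitimately add rassfm, so extend this set only
# with names verified on a known-clean build of the same OS.
DEFAULT_PACKAGES = {"scecli"}


def _candidate_path(entry: str) -> str:
    # Assumption: a bare name such as "scecli" resolves against system32 with
    # ".dll" appended, which is how the default entry itself is found.
    base = entry.lower()
    if not base.endswith(".dll"):
        base += ".dll"
    if "\\" in base:
        return base  # already a full path
    return SYSTEM32 + "\\" + base


def audit_packages(packages: List[str],
                   exists: Optional[Callable[[str], bool]] = None) -> List[Dict]:
    """Classify each entry: is it the OS default, and does its DLL exist?

    `exists` is injectable so the check can run offline against a fake file
    set; on a live Windows box pass os.path.exists (the default).
    """
    if exists is None:
        import os
        exists = os.path.exists
    findings = []
    for raw in packages:
        entry = raw.strip()
        if not entry:
            continue  # REG_MULTI_SZ terminators show up as empty strings
        stem = entry.lower().rsplit("\\", 1)[-1]
        if stem.endswith(".dll"):
            stem = stem[:-4]
        findings.append({
            "entry": entry,
            "default": stem in DEFAULT_PACKAGES,
            "present": exists(_candidate_path(entry)),
        })
    return findings


def suspicious(findings: List[Dict]) -> List[Dict]:
    """Non-default entries. A missing DLL still counts: the registry value is
    the persistence, and the file may simply be hidden or renamed right now."""
    return [f for f in findings if not f["default"]]


def read_live_packages() -> List[str]:
    """Read the real value on Windows; returns [] on any other platform."""
    if sys.platform != "win32":
        return []
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, LSA_KEY) as key:
        value, kind = winreg.QueryValueEx(key, VALUE_NAME)
    return list(value) if kind == winreg.REG_MULTI_SZ else [str(value)]


if __name__ == "__main__":
    # Fallback list is constructed for illustration when not run on Windows.
    live = read_live_packages() or ["scecli", "vomuganu"]
    for f in audit_packages(live):
        flag = "OK     " if f["default"] else "SUSPECT"
        print(f"{flag} {f['entry']:<24} dll present: {f['present']}")
```

Run it on the box before and after the CFScript: before, anything besides scecli is the entry to clear; afterwards, the value should read scecli alone, and the check should stay that way across a reboot.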
#29
February 11, 2010 at 13:46:59
Do you want the log report, or are we done?

#30
February 11, 2010 at 16:00:50
Please post the report and a new dss log.

#31
February 11, 2010 at 17:00:10
ComboFix 10-02-11.02 - HP_Administrator 02/11/2010 15:14:47.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.154 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\difasadi.dll"
"c:\windows\system32\jidizone.dll"
"c:\windows\system32\tanokoge.dll"
"c:\windows\system32\vomuganu.dll"
"c:\windows\system32\wavowibi.dll"
"c:\windows\system32\yapipije.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Tasks\vcyakwla.job
c:\windows\Tasks\zfuduevw.job

.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-09 20:02 . 2010-02-09 20:02 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Threat Expert
2010-02-09 04:41 . 2010-02-09 04:44 -------- dc-h--w- c:\windows\ie8
2010-02-08 00:53 . 2010-02-08 00:53 -------- d--h--w- c:\windows\PIF
2010-02-07 21:39 . 2010-02-07 21:39 -------- d-----w- c:\program files\schtml
2010-02-07 21:34 . 2010-02-07 21:34 36 ----a-w- c:\program files\skynet.dat
2010-02-06 19:16 . 2010-02-06 19:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert
2010-02-06 06:18 . 2010-02-11 21:36 -------- d-----w- c:\program files\Spyware Doctor
2010-02-04 13:07 . 2010-02-04 13:07 -------- d-----w- c:\documents and settings\Kathy\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-11 21:38 . 2009-06-19 19:48 -------- d-----w- c:\program files\Steam
2010-02-11 21:09 . 2009-06-19 19:20 -------- d-----w- c:\program files\Yahoo!
2010-02-11 21:09 . 2009-06-26 07:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-11 02:26 . 2009-06-20 09:22 -------- d-----w- c:\program files\Warcraft III
2010-02-11 00:09 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mIRC
2010-02-11 00:08 . 2009-06-19 13:56 -------- d-----w- c:\program files\mIRC
2010-02-09 04:30 . 2009-08-28 21:16 71960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-02-08 00:57 . 2009-12-23 04:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 19:18 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2010-02-06 06:05 . 2010-01-01 11:38 -------- d-----w- c:\program files\SpywareBlaster
2010-02-01 12:24 . 2010-02-09 02:46 71960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-npoctoshape.dll
2010-02-01 12:24 . 2010-02-09 02:45 417280 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-libOctoshapeClient.dll
2010-02-01 12:24 . 2010-02-09 02:45 124184 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-apoctoshape.dll
2010-01-22 13:35 . 2009-07-30 15:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-01-21 19:26 . 2009-07-02 07:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 09:23 . 2009-06-19 15:18 -------- d-----w- c:\program files\McAfee
2010-01-07 22:07 . 2009-12-23 04:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-23 04:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00 . 2009-11-15 22:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 12:00 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2010-01-01 11:59 . 2010-01-01 11:59 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-29 04:40 . 2004-08-10 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40 . 2004-08-10 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22 . 2009-12-24 09:53 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19 . 2009-12-24 09:53 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-25 01:26 . 2009-12-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-25 01:26 . 2009-12-24 09:31 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-25 01:18 . 2009-12-24 09:22 -------- d-----w- c:\program files\UnHackMe
2009-12-24 09:59 . 2009-12-24 09:59 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-24 09:31 . 2009-12-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-12-24 09:22 . 2009-12-24 09:22 2 --shatr- c:\windows\winstart.bat
2009-12-23 04:24 . 2009-12-23 04:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-12-23 04:23 . 2009-12-23 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-21 23:40 . 2009-07-09 16:37 -------- d-----w- c:\program files\Common Files\Motive
2009-12-02 14:35 . 2009-12-12 04:17 755200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\pmv3052a-0912021-0-libOctoshapeClient.dll
2009-11-21 16:36 . 2004-08-10 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
1601-01-01 00:03 . 1601-01-01 00:03 52736 --sha-w- c:\windows\system32\tutepega.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 52736 --sha-w- c:\windows\system32\woyobizi.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 52736 --sha-w- c:\windows\system32\zodofigu.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-31 1217808]
"Octoshape Streaming Services"="c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-18 339968]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-01 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-01 149280]

c:\documents and settings\Kathy\Start Menu\Programs\Startup\
barebones.exe [2009-10-23 4239771]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:wc3
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/19/2009 9:21 AM 93320]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 10:09 PM 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys --> c:\windows\system32\drivers\CM108.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\documents and settings\HP_Administrator\Desktop\mbam-installer\explorer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 15:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3932)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-02-11 15:45:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-11 21:45
ComboFix2.txt 2010-02-08 04:47

Pre-Run: 132,627,243,008 bytes free
Post-Run: 132,495,691,776 bytes free

- - End Of File - - BD058F36952A11DE868D734B705F7C68


#32
February 11, 2010 at 17:14:57
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\tutepega.dll.tmp
c:\windows\system32\woyobizi.dll.tmp
c:\windows\system32\zodofigu.dll.tmp

Folder::
c:\windows\system32\tutepega.dll.tmp
c:\windows\system32\woyobizi.dll.tmp
c:\windows\system32\zodofigu.dll.tmp

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop CFScript.txt onto ComboFix.exe (the red symbol on your desktop); if ComboFix does not auto-start, click "Run".


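What the helper did between the log in #31 and the script in #32 is the core of this kind of cleanup: read the Find3M report, pick out the entries that look planted, and turn them into a File:: section. Three tells in that log give the three entries away: a timestamp of 1601-01-01 (the Windows FILETIME epoch, so a zeroed or forged time), the --sha-w- attribute column (system plus hidden) on loadable files dropped straight into system32, and the 8-letter consonant-vowel names (tutepega, woyobizi, and in #28 vomuganu, jidizone) this family uses. The Python below is an added example for this thread, not code from the thread or from ComboFix, that parses lines of that format, applies those three rules, and drafts the File:: section in the same shape as the scripts in #28 and #32. The sample lines are constructed to the shape of the #31 log (the vomuganu.dll line and its timestamps are invented), and the name pattern and extension list are assumptions tuned to this one family rather than a general signature.

```python
"""Triage ComboFix file-listing lines and draft the File:: section of a CFScript.

Added example for this thread, not code from the thread or from ComboFix.
"""
import re
from typing import Dict, List, Optional

# Constructed to the shape of the #31 log. The vomuganu.dll line (name taken
# from the #28 script) and its timestamps are invented for illustration.
SAMPLE_LOG = "\n".join([
    r"2010-02-07 21:39 . 2010-02-07 21:39 -------- d-----w- c:\program files\schtml",
    r"2010-02-09 04:30 . 2009-08-28 21:16 71960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Plugins\npoctoshape.dll",
    r"2010-01-07 22:07 . 2009-12-23 04:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox.idx",
    r"1601-01-01 00:03 . 1601-01-01 00:03 52736 --sha-w- c:\windows\system32\tutepega.dll.tmp",
    r"1601-01-01 00:03 . 1601-01-01 00:03 52736 --sha-w- c:\windows\system32\woyobizi.dll.tmp",
    r"2009-11-21 16:36 . 2004-08-10 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll",
    r"2010-02-05 03:12 . 2010-02-05 03:12 52736 ----a-w- c:\windows\system32\vomuganu.dll",
])

# <mtime> . <ctime> <size or dashes> <8-char attrs> <path>
# attrs positions: d=directory c=compressed s=system h=hidden a=archive
# t=temporary, then r/w; "--------" in the size column marks a directory.
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
FILETIME_EPOCH = "1601-01-01"
EXEC_EXT = (".dll", ".exe", ".sys", ".tmp")   # assumption: what counts as loadable
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")  # e.g. tutepega


def parse_entry(line: str) -> Optional[Dict]:
    """Split one ComboFix file line into its fields, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    a = e["attrs"]
    e["is_dir"], e["system"], e["hidden"] = a[0] == "d", a[2] == "s", a[3] == "h"
    return e


def suspicion_reasons(e: Dict) -> List[str]:
    """Apply the three tells from this thread's log to one parsed entry."""
    path = e["path"].lower()
    name = path.rsplit("\\", 1)[-1]
    stem = name.split(".", 1)[0]
    in_system32 = "\\windows\\system32\\" in path
    loadable = name.endswith(EXEC_EXT)
    reasons = []
    if e["mtime"].startswith(FILETIME_EPOCH) or e["ctime"].startswith(FILETIME_EPOCH):
        reasons.append("FILETIME-epoch timestamp (zeroed or forged)")
    if in_system32 and loadable and e["system"] and e["hidden"]:
        reasons.append("system+hidden executable in system32")
    if in_system32 and loadable and CV_NAME.match(stem):
        reasons.append("8-letter consonant-vowel random name")
    return reasons


def triage(log_text: str) -> List[Dict]:
    """Return [{'path', 'reasons'}] for every file entry that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        reasons = suspicion_reasons(e)
        if reasons:
            findings.append({"path": e["path"], "reasons": reasons})
    return findings


def draft_cfscript(findings: List[Dict]) -> str:
    """Same shape as the scripts in #28 and #32: KILLALL:: then File:: paths."""
    return "\n".join(["KILLALL::", "File::"] + [f["path"] for f in findings]) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(h["path"], "->", "; ".join(h["reasons"]))
    print(draft_cfscript(hits))
```

On the sample it flags exactly the two .dll.tmp files from the #31 log (all three rules fire on each) plus the constructed vomuganu.dll (name rule only), and leaves the McAfee, Malwarebytes and fidbox entries alone; treat the draft as something to review, not to run blind, since a legitimate file with an odd name will trip the name rule too.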
#33
February 11, 2010 at 18:00:19
will do

#34
February 11, 2010 at 18:29:39
ComboFix 10-02-11.02 - HP_Administrator 02/11/2010 20:06:04.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.532 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\tutepega.dll.tmp"
"c:\windows\system32\woyobizi.dll.tmp"
"c:\windows\system32\zodofigu.dll.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tutepega.dll.tmp
c:\windows\system32\woyobizi.dll.tmp
c:\windows\system32\zodofigu.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-09 20:02 . 2010-02-09 20:02 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Threat Expert
2010-02-09 04:41 . 2010-02-09 04:44 -------- dc-h--w- c:\windows\ie8
2010-02-08 00:53 . 2010-02-08 00:53 -------- d--h--w- c:\windows\PIF
2010-02-07 21:39 . 2010-02-07 21:39 -------- d-----w- c:\program files\schtml
2010-02-07 21:34 . 2010-02-07 21:34 36 ----a-w- c:\program files\skynet.dat
2010-02-06 19:16 . 2010-02-06 19:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Threat Expert
2010-02-06 06:18 . 2010-02-11 21:36 -------- d-----w- c:\program files\Spyware Doctor
2010-02-04 13:07 . 2010-02-04 13:07 -------- d-----w- c:\documents and settings\Kathy\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 02:22 . 2009-06-19 19:48 -------- d-----w- c:\program files\Steam
2010-02-12 00:37 . 2009-06-20 09:22 -------- d-----w- c:\program files\Warcraft III
2010-02-11 23:44 . 2009-06-19 13:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\mIRC
2010-02-11 23:44 . 2009-06-19 13:56 -------- d-----w- c:\program files\mIRC
2010-02-11 21:09 . 2009-06-19 19:20 -------- d-----w- c:\program files\Yahoo!
2010-02-11 21:09 . 2009-06-26 07:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-09 04:30 . 2009-08-28 21:16 71960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-02-08 00:57 . 2009-12-23 04:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-06 19:18 . 2005-11-11 00:59 -------- d-----w- c:\program files\Google
2010-02-06 06:05 . 2010-01-01 11:38 -------- d-----w- c:\program files\SpywareBlaster
2010-02-01 12:24 . 2010-02-09 02:46 71960 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-npoctoshape.dll
2010-02-01 12:24 . 2010-02-09 02:45 417280 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-libOctoshapeClient.dll
2010-02-01 12:24 . 2010-02-09 02:45 124184 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002010-0-apoctoshape.dll
2010-01-22 13:35 . 2009-07-30 15:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-01-21 19:26 . 2009-07-02 07:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 09:23 . 2009-06-19 15:18 -------- d-----w- c:\program files\McAfee
2010-01-07 22:07 . 2009-12-23 04:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-23 04:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00 . 2009-11-15 22:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-01 12:00 . 2005-11-11 00:05 -------- d-----w- c:\program files\Java
2010-01-01 11:59 . 2010-01-01 11:59 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-29 04:40 . 2004-08-10 12:00 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40 . 2004-08-10 12:00 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22 . 2009-12-24 09:53 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19 . 2009-12-24 09:53 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-25 01:26 . 2009-12-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-25 01:26 . 2009-12-24 09:31 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-25 01:18 . 2009-12-24 09:22 -------- d-----w- c:\program files\UnHackMe
2009-12-24 09:59 . 2009-12-24 09:59 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53 . 2009-12-24 09:53 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-24 09:31 . 2009-12-24 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-12-24 09:22 . 2009-12-24 09:22 2 --shatr- c:\windows\winstart.bat
2009-12-23 04:24 . 2009-12-23 04:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-12-23 04:23 . 2009-12-23 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-21 23:40 . 2009-07-09 16:37 -------- d-----w- c:\program files\Common Files\Motive
2009-12-02 14:35 . 2009-12-12 04:17 755200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\pmv3052a-0912021-0-libOctoshapeClient.dll
2009-11-21 16:36 . 2004-08-10 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-31 1217808]
"Octoshape Streaming Services"="c:\documents and settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-18 339968]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-01 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-01 149280]

c:\documents and settings\Kathy\Start Menu\Programs\Startup\
barebones.exe [2009-10-23 4239771]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\day of defeat\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\WINDOWS\\ehome\\ehmsas.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:wc3
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/19/2009 9:21 AM 93320]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\Google\Update\GoogleUpdate.exe [7/22/2009 10:09 PM 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys --> c:\windows\system32\drivers\CM108.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 17:22]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 20:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3164)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-02-11 20:27:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-12 02:27
ComboFix2.txt 2010-02-11 21:45
ComboFix3.txt 2010-02-08 04:47

Pre-Run: 132,475,367,424 bytes free
Post-Run: 132,443,258,880 bytes free

- - End Of File - - 114DD9671D5CADCAB58130D26228BABB


#35
February 11, 2010 at 19:48:02
Please post a new DDS log following the instructions in response #15, so that we can verify that the infection is or is not gone.

And you should go through the cleanup procedure again in response #10.


#36
February 11, 2010 at 20:26:35

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 22:23:26.54 on Thu 02/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.427 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Octoshape Streaming Services] "c:\documents and settings\hp_administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-19 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-19 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-19 144704]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-19 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-19 35272]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-19 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-19 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-19 606736]

=============== Created Last 30 ================

2010-02-11 21:12:59 98816 ----a-w- c:\windows\sed.exe
2010-02-11 21:12:59 77312 ----a-w- c:\windows\MBR.exe
2010-02-11 21:12:59 261632 ----a-w- c:\windows\PEV.exe
2010-02-11 21:12:59 161792 ----a-w- c:\windows\SWREG.exe
2010-02-10 01:21:06 5 ----a-w- c:\windows\system32\Band4
2010-02-10 01:21:05 6 ----a-w- c:\windows\system32\ClassU
2010-02-09 04:41:26 0 dc-h--w- c:\windows\ie8
2010-02-08 00:53:50 0 d--h--w- c:\windows\PIF
2010-02-07 21:39:05 0 d-----w- c:\program files\schtml
2010-02-07 21:34:37 36 ----a-w- c:\program files\skynet.dat
2010-02-06 06:27:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-06 06:18:06 0 d-----w- c:\program files\Spyware Doctor

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-29 04:40:35 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22:20 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19:28 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-22 05:42:48 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:42:45 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-22 05:42:44 1054208 ----a-w- c:\windows\system32\dllcache\danim.dll
2009-12-22 05:42:43 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-12-22 05:42:43 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-12-16 12:57:07 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2009-12-08 09:13:51 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-11-21 16:36:13 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll

============= FINISH: 22:24:12.40 ===============


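The two DDS logs in this thread are read by eye: the helper looks at the AV/FW status lines, scans the process list and the Pseudo HJT report for entries that do not belong, and checks what was created in the last 30 days. The script below is an added example of doing that first pass mechanically; it is not part of the thread and not a feature of DDS or ComboFix. It splits a DDS log on its "==== Name ====" headers and applies three heuristics of my own choosing: a protection line reporting "disabled", a process or autostart entry living under a user-writable directory (the same check you would apply to the "DLLs Loaded Under Running Processes" list in the ComboFix log above, where a DLL is loaded into explorer.exe from Local Settings\Temp), a browser hook whose file is gone ("No File"), and a loose file dropped directly into c:\windows, system32 or Program Files. The sample log is constructed to match the format seen in #36; the file names in it are invented. A hit means "look at this", not "this is malware".

```python
"""Triage helper for DDS-style logs (added example, not part of the thread).

Heuristics only: every finding is something a reviewer should look at, not a
verdict. Section names follow the headers DDS prints ('Running Processes',
'Pseudo HJT Report', 'Created Last 30').
"""
import re
from typing import Dict, List, Optional, Tuple

# Directories a user can write to without admin rights. A process, autostart
# or loaded module living here deserves a second look. Heuristic, chosen for
# this example, not a DDS/ComboFix rule.
USER_WRITABLE = re.compile(
    r"\\(?:local settings\\temp|temp|application data|appdata)\\",
    re.IGNORECASE,
)

# Roots where a freshly created loose file (not a subfolder) stands out.
SYSTEM_ROOTS = {"c:\\windows", "c:\\windows\\system32", "c:\\program files"}

SECTION_HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the '==== Name ====' header above them."""
    sections: Dict[str, List[str]] = {"preamble": []}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_HEADER.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def parse_created(entry: str) -> Optional[Tuple[str, str]]:
    """Split '2010-02-07 21:34:37 36 ----a-w- c:\\path' into (attrs, path)."""
    parts = entry.split(None, 4)
    if len(parts) != 5:
        return None
    return parts[3], parts[4]


def triage(text: str) -> List[str]:
    """Return human-readable findings for a DDS-style log; empty means nothing flagged."""
    sections = split_sections(text)
    findings: List[str] = []

    # 1. Protection state reported in the AV:/FW: lines before the first header.
    for line in sections["preamble"]:
        if line.startswith(("AV:", "FW:")) and "disabled" in line.lower():
            findings.append(f"protection disabled: {line}")

    # 2. Processes and autostarts running out of user-writable locations,
    #    plus browser hooks whose backing file no longer exists.
    for proc in sections.get("running processes", []):
        if USER_WRITABLE.search(proc):
            findings.append(f"process in user-writable path: {proc}")
    for entry in sections.get("pseudo hjt report", []):
        if entry.endswith("- No File"):
            findings.append(f"orphaned browser hook: {entry}")
        elif entry.startswith(("uRun:", "mRun:")) and USER_WRITABLE.search(entry):
            findings.append(f"autostart in user-writable path: {entry}")

    # 3. Loose files created directly in a system root in the last 30 days.
    #    Directory entries carry a leading 'd' in the attribute column.
    for entry in sections.get("created last 30", []):
        parsed = parse_created(entry)
        if parsed is None:
            continue
        attrs, path = parsed
        if attrs.startswith("d"):
            continue
        parent = path.rsplit("\\", 1)[0].lower()
        if parent in SYSTEM_ROOTS:
            findings.append(f"new file in system root: {path}")
    return findings


# Constructed excerpt in the DDS log format; the file names are invented.
SAMPLE_LOG = r"""
DDS (Ver_09-12-01.01) - NTFSx86
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Local Settings\Temp\setup_tmp.exe

============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
mRun: [ehTray] c:\windows\ehome\ehtray.exe
uRun: [Updater] "c:\documents and settings\user\application data\upd\upd.exe"

=============== Created Last 30 ================

2010-02-07 21:39:05 0 d-----w- c:\program files\schtml
2010-02-07 21:34:37 36 ----a-w- c:\program files\skynet.dat
2010-02-06 06:18:06 0 d-----w- c:\program files\Spyware Doctor

============= FINISH: 22:24:12.40 ===============
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved DDS.txt by reading the file and passing its contents to `triage()`; the checks are deliberately loose (legitimate software such as the Octoshape client in the logs above also lives under Application Data), so the output is a reading list for the person doing the verification, not a cleanup list.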
#37
February 11, 2010 at 20:26:44

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/19/2009 2:01:39 PM
System Uptime: 2/11/2010 8:19:57 PM (2 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 123.219 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.121 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP312: 2/8/2010 10:20:08 PM - System Checkpoint
RP313: 2/8/2010 10:20:36 PM - 2/8/2010
RP314: 2/8/2010 10:40:28 PM - Installed MSN Toolbar
RP315: 2/8/2010 10:42:28 PM - Installed Windows Internet Explorer 8.
RP316: 2/10/2010 5:09:07 PM - System Checkpoint

==== Installed Programs ======================

2Wire Wireless Client
5 Card Slingo from HP Media Center (remove only)
AAC Decoder
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
AT&T Yahoo! Activation
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AutoUpdate
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Chuzzle Deluxe from HP Media Center (remove only)
Counter-Strike
Counter-Strike: Source
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Day of Defeat
Day of Defeat: Source
Destinations
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
eSupportQFolder
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Fraps
FrostWire 4.18.0
GemMaster Mystic
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 7.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart and Deskjet 7.0.A
HP Photosmart Cameras 5.0
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InstantShareDevicesMFC
InterVideo WinDVD Player
iPod To Computer Transfer 5.4
iTunes
Java(TM) 6 Update 17
League of Legends
Left 4 Dead 2 Demo
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.5.7)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Octoshape Streaming Services
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContextNPI
PS2
PSPrinters08
PSTAPlugin
PunkBuster Services
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quake Live Mozilla Plugin
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SpywareBlaster 4.2
Status
Steam
Super Granny from HP Media Center (remove only)
Team Fortress 2
Toolbox
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
Ventrilo Client
Warcraft III
WebFldrs XP
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Zuma Deluxe from HP Media Center (remove only)

==== End Of File ===========================


#38
February 11, 2010 at 20:39:10
That looks much better to me. Are you still having any problems with the computer?

#39
February 11, 2010 at 21:30:22
Nope, I just finished cleaning it out. Will repost if anything else goes wrong. You have been a real help, jabuck.
Thank you very much

#40
February 12, 2010 at 03:49:41
Glad we could help Brien.

#41
February 14, 2010 at 12:33:51
Since the last time I cleaned my computer and made a new restore point, one of my games closes down as I open it, and when I scroll down pages it's very choppy. But every time I restore to that point it's fine, and when I restart or shut it down, when it comes back on it doesn't work and the browser is choppy. What is this?

#42
February 14, 2010 at 12:42:10
Have you tried to reinstall the game? By restore do you mean that you are restoring the computer to a previous date?

#43
February 14, 2010 at 16:47:28
Yeah, I System Restore to the day I made one after ComboFix, and everything is fine. But if I restart it or turn it off, the game starts up and then exits out immediately, and when I scroll down things it's choppy/laggy.

#44
February 14, 2010 at 16:55:18
The game may be corrupt, causing the problem. The only way I might possibly tell is to begin with a new series of logs. Please run DDS and post its log as you did in response #15, and run Malwarebytes and post its log.

#45
February 14, 2010 at 21:48:33
I don't think that's the problem, because it works fine at the moment when I restore it to the 11th and then it goes bad, but I'll try this.

#46
February 15, 2010 at 15:00:58
I just found out that it is the Windows update that changes everything. Should I just keep auto update off?

#47
February 15, 2010 at 15:12:44
Yes, but just for a week or two. If there is a bug in the update it should be repaired before long.

It would be helpful to others if you would post the number of the bogus update if you are sure which one it is.

Good find and thanks for keeping us informed with your success.



#48
February 15, 2010 at 17:56:02
After all those posts, if you still have trouble, I would suggest backing up your drive and doing a reformat and a fresh install.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


#49
February 16, 2010 at 18:02:29
Unfortunately I cannot reformat, for I have no way to back up. And I have found out it is not the update and is something else; I will do DDS and a malware scan when it comes up again.

#50
February 17, 2010 at 14:14:44

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 16:13:17.94 on Wed 02/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.413 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Octoshape Streaming Services] "c:\documents and settings\hp_administrator\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S0 Partizan;Partizan;c:\windows\system32\drivers\partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe --> c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-19 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-19 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-19 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-19 40552]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]

=============== Created Last 30 ================

2010-02-17 01:45:12 8212 ----a-w- c:\windows\mfebcdata
2010-02-17 01:43:59 450560 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-02-17 01:43:43 0 d-----w- c:\program files\schtml
2010-02-14 20:38:32 0 d-----w- c:\program files\McAfee.com
2010-02-14 20:38:32 0 d-----w- c:\program files\McAfee
2010-02-14 20:38:32 0 d-----w- c:\program files\common files\McAfee
2010-02-14 20:36:57 0 d-----w- c:\program files\McAfee(3)
2010-02-14 20:36:57 0 d-----w- c:\program files\common files\McAfee(3)
2010-02-13 22:10:16 10195 ----a-w- c:\windows\system32\Config.MPF
2010-02-13 22:06:07 0 d-----w- c:\program files\common files\McAfee(2)
2010-02-13 22:06:06 0 d-----w- c:\program files\McAfee(2).com
2010-02-13 22:05:57 0 d-----w- c:\program files\McAfee(2)
2010-02-11 21:45:50 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-11 21:45:50 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-11 21:45:49 57667 ------w- c:\windows\system32\ieuinit.inf
2010-02-11 21:45:49 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-11 21:45:49 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-02-11 21:45:49 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-11 21:45:37 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-10 01:21:06 5 ----a-w- c:\windows\system32\Band4
2010-02-10 01:21:05 6 ----a-w- c:\windows\system32\ClassU
2010-02-09 04:41:26 0 dc-h--w- c:\windows\ie8
2010-02-08 00:53:50 0 d--h--w- c:\windows\PIF
2010-02-07 21:34:37 36 ----a-w- c:\program files\skynet.dat
2010-02-06 06:27:13 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-06 06:18:06 0 d-----w- c:\program files\Spyware Doctor

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 12:00:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\dllcache\srv.sys
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-29 04:40:35 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-29 04:40:35 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-25 06:22:20 22304 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-25 06:19:28 700704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-24 09:53:54 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-22 05:42:48 1506304 ----a-w- c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:42:45 55808 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-22 05:42:44 1054208 ----a-w- c:\windows\system32\dllcache\danim.dll
2009-12-22 05:42:43 151040 ----a-w- c:\windows\system32\dllcache\cdfview.dll
2009-12-22 05:42:43 1023488 ----a-w- c:\windows\system32\dllcache\browseui.dll
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2009-12-16 12:57:07 18432 ----a-w- c:\windows\system32\dllcache\iedw.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\OLDBF.tmp
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv(2)(3).dll
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2009-12-08 09:13:51 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 14:41:55 453760 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:04:16 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:04:16 1291776 ----a-w- c:\windows\system32\quartz(5).dll
2009-11-27 17:04:16 1291776 ----a-w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 17:04:15 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:04:15 17920 ----a-w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 16:36:13 470528 ----a-w- c:\windows\system32\dllcache\aclayers.dll

============= FINISH: 16:13:41.14 ===============


#51
February 17, 2010 at 14:14:59

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/19/2009 2:01:39 PM
System Uptime: 2/17/2010 3:34:53 AM (13 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon(tm) 64 Processor 3700+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 178 GiB total, 122.032 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.121 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP317: 2/11/2010 10:35:03 PM - System Checkpoint
RP318: 2/11/2010 10:35:35 PM - 2/11/2010
RP319: 2/12/2010 3:00:18 AM - Software Distribution Service 3.0
RP320: 2/12/2010 6:45:13 PM - Restore Operation
RP321: 2/13/2010 2:38:55 AM - Software Distribution Service 3.0
RP322: 2/13/2010 3:22:40 PM - Restore Operation
RP323: 2/14/2010 3:00:52 AM - Software Distribution Service 3.0
RP324: 2/14/2010 2:35:17 PM - Restore Operation
RP325: 2/15/2010 3:00:48 AM - Software Distribution Service 3.0
RP326: 2/16/2010 9:03:49 AM - System Checkpoint
RP327: 2/16/2010 7:40:16 PM - Restore Operation
RP328: 2/17/2010 3:00:41 AM - Software Distribution Service 3.0

==== Installed Programs ======================

2Wire Wireless Client
5 Card Slingo from HP Media Center (remove only)
AAC Decoder
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
AT&T Yahoo! Activation
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
AutoUpdate
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bonjour
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
Chuzzle Deluxe from HP Media Center (remove only)
Counter-Strike
Counter-Strike: Source
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Day of Defeat
Day of Defeat: Source
Destinations
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
eSupportQFolder
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
Fraps
FrostWire 4.18.0
GemMaster Mystic
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 7.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart and Deskjet 7.0.A
HP Photosmart Cameras 5.0
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InstantShareDevicesMFC
InterVideo WinDVD Player
iPod To Computer Transfer 5.4
iTunes
Java(TM) 6 Update 17
League of Legends
Left 4 Dead 2 Demo
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
MKV Splitter
Mozilla Firefox (3.5.7)
MSN Toolbar
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Octoshape Streaming Services
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
ProductContextNPI
PS2
PSPrinters08
PSTAPlugin
PunkBuster Services
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quake Live Mozilla Plugin
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SpywareBlaster 4.2
Status
Steam
Super Granny from HP Media Center (remove only)
Team Fortress 2
Toolbox
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.762
Vegas Pro 9.0
Ventrilo Client
Warcraft III
WebFldrs XP
WebReg
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Zuma Deluxe from HP Media Center (remove only)

==== End Of File ===========================


#52
February 17, 2010 at 14:15:35
And it is still laggy when I scroll; it's sort of like wavy, if you know what I mean.

#53
February 17, 2010 at 15:58:59
Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan.
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start.
4. When asked, allow the ActiveX control to install.
5. Click Start.
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked.
7. Click Scan.
8. Wait for the scan to finish.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.


#54
February 20, 2010 at 17:55:03
You could also try http://www.softpedia.com/get/Antivi...
