Hello, I am having recurring problems such as, but not limited to: VERY slow computer functions (especially while playing games), and sometimes my screen will go crazy with SPYWARE / VIRUS found and pop-ups everywhere. Nevertheless, I am not very good with computers and I'll try to remove them, but it seems like I try to remove them and they come back in less than a week.

Thanks for any help, I was referred here from a friend saying you guys were great :)
Here is the log he said to post:

Also, I run Mozilla, not IE6.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:13 PM, on 12/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10084 bytes

Thanks again for any help
-nate :)

Hi Nate,

Please post the scanlogs requested in the linky below and I or one of the other volunteers will have a look as time permits.

http://www.daniweb.com/forums/thread134865.html

Things are a bit hectic this time of year, so responses may be a bit slow.

PP:)

Here are the logs. Slow responses are no problem, thanks for even replying back :).

MBAM:

Malwarebytes' Anti-Malware 1.42
Database version: 3392
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/19/2009 3:01:45 AM
mbam-log-2009-12-19 (03-01-34).txt

Scan type: Full Scan (C:\|D:\|Z:\|)
Objects scanned: 248748
Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\IbPF.exe (Spyware.Passwords) -> No action taken.
C:\pdvwd.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\ryiasu.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\HP_Administrator\ntload.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\dequft\wfausysguard.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\tmbqga\yyajsysguard.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\LocalService\ntload.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\pss\scandisk.dllStartup (Trojan.Agent) -> No action taken.
C:\WINDOWS\irc.txt (Malware.Trace) -> No action taken.

ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c47c603347b7a47addcd5856497bbfa
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-20 01:16:56
# local_time=2009-12-19 08:16:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 2 3825343 32626718 0 0
# compatibility_mode=1028 16777214 0 5 3907419 9890814 0 0
# compatibility_mode=3586 16764885 100 88 104907317 264480901 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=123307
# found=8
# cleaned=0
# scan_time=7442
C:\dcgwhpoh.exe a variant of Win32/Refpron.DF trojan 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent108.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent138.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent17.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent46.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent98.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I

DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 20:20:27.39 on Sat 12/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.323 [GMT -5:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: trymedia.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-12-31 133792]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060216.009\NAVENG.Sys [2006-8-12 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060216.009\NavEx15.Sys [2006-8-12 750952]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-12 1119888]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]

=============== Created Last 30 ================

2009-12-19 23:08:45 0 d-----w- c:\program files\ESET
2009-12-19 18:45:43 0 d-----w- c:\program files\Trend Micro
2009-12-19 08:04:58 0 d-----w- c:\windows\system32\PreInstall
2009-12-19 06:26:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 06:26:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:20:20 27648 ------w- c:\windows\system32\dllcache\jgpl400.dll
2009-12-18 23:20:20 163840 ------w- c:\windows\system32\dllcache\jgdw400.dll
2009-12-18 23:19:47 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-18 23:19:46 2180480 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-18 23:19:45 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-18 23:19:45 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-18 23:17:21 28672 ------w- c:\windows\system32\verclsid.exe
2009-12-18 23:16:27 453120 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-18 22:36:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-18 22:36:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-18 22:36:07 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-18 22:36:00 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-18 22:35:56 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-18 22:35:51 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-18 22:35:42 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-18 20:55:41 133632 ----a-r- c:\windows\system32\CtDvInst.dll
2009-12-18 20:55:29 5627 ----a-r- c:\windows\system32\Ludap17.ini
2009-12-18 20:55:29 39 ----a-r- c:\windows\system32\ctzapxx.ini
2009-12-18 20:55:29 0 d-----w- c:\windows\system32\Data
2009-12-18 20:47:39 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-12-18 20:47:37 529 ----a-r- c:\windows\system32\ATIODCLI.exe.manifest
2009-12-18 20:47:37 527 ----a-r- c:\windows\system32\ATIODE.exe.manifest
2009-12-18 20:47:37 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2009-12-18 20:47:33 7167 ----a-r- c:\windows\system32\atifglpf.xml
2009-12-18 20:47:33 425984 ----a-r- c:\windows\system32\ATIDEMGX.dll
2009-12-18 20:47:31 887724 ----a-r- c:\windows\system32\ativva6x.dat
2009-12-18 20:47:30 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2009-12-18 20:47:29 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-12-18 20:47:28 180720 ----a-r- c:\windows\system32\atiicdxx.dat
2009-12-18 20:46:17 0 d-sh--r- C:\cmdcons
2009-12-18 20:45:59 0 d-----w- c:\windows\setupupd
2009-12-18 20:45:14 0 d-sh--r- c:\windows\system32\dllcache
2009-12-18 20:43:05 1870 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX495AV-ABA a1550e_YC_0Pavi_QMXG632_E63NAecMPA3_48_INODUS_SASUSTek Computer INC._V1.03_B3.06_T060714_WXP2_L409_M1023_J500_7AMD_8Athlon 64 X2 Dual Core_92_#060817_N_Z_G1002954F_OHL-DT-ST RW DVD GCC-4482B.MRK
2009-12-18 20:41:09 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-12-18 20:41:07 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Symantec
2009-12-18 20:37:47 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-14 13:23:25 157696 ----a-w- C:\dcgwhpoh.exe
2009-12-12 14:23:27 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Walgreens
2009-12-10 22:06:33 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Xfire
2009-12-08 20:58:38 0 d-----w- c:\program files\World of Warcraft
2009-12-07 20:52:33 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HPQ
2009-12-05 06:15:07 0 ----a-w- c:\windows\vpc32.INI
2009-12-05 06:09:51 0 d-----w- c:\program files\Symantec AntiVirus
2009-12-05 05:56:00 0 d-----w- C:\Symantec10.1.5
2009-11-25 04:40:58 0 d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2009-11-24 22:49:32 0 d-----w- C:\temp
2009-11-24 02:14:37 0 d-----w- c:\program files\Cheat Engine
2009-11-24 01:29:10 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-12-18 20:46:45 112942 ----a-w- c:\windows\hpoins07.dat
2009-12-17 03:43:20 1350 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-01-31 06:07:28 5190008 -c--a-w- c:\program files\Mudvayne_-_Do_what_You_Do.mp3
2009-01-31 05:50:59 11133568 -c--a-w- c:\program files\Disturbed_-_Indestructible.mp3
2004-12-07 14:13:42 3578547 -c--a-w- c:\program files\ManagedDX.CAB
2004-12-07 14:13:40 479432 -c--a-w- c:\program files\dxsetup.exe
2004-12-07 14:13:38 69832 -c--a-w- c:\program files\DSETUP.dll
2004-12-07 14:13:38 2249416 -c--a-w- c:\program files\dsetup32.dll
2004-12-07 14:13:38 13265040 -c--a-r- c:\program files\dxnt.cab
2004-12-07 14:13:36 15493481 -c--a-w- c:\program files\DirectX.cab
2004-12-07 13:47:32 20717 -c--a-w- c:\program files\DirectX SDK EULA.txt

============= FINISH: 20:21:35.12 ===============

Attach.txt:

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2009 3:39:08 PM
System Uptime: 12/19/2009 3:07:43 AM (17 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUS
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 1002/199mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 1002/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 66 GiB total, 21.085 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.55 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
Z: is FIXED (NTFS) - 466 GiB total, 465.672 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/18/2009 3:48:19 PM - Installed Windows Installer KB893803v2.
RP2: 12/18/2009 4:02:59 PM - Installed Sound Blaster Audigy
RP3: 12/19/2009 3:01:09 AM - Software Distribution Service 3.0
RP4: 12/19/2009 7:06:04 PM - Installed Ventrilo Server

==== Installed Programs ======================

1000Tour
1200
1200_Help
1200Trb
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Alien Outbreak 2
Ancient Sudoku
ATI - Software Uninstall Utility
ATI Display Driver
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bookworm Deluxe
Bounce Symphony
BufferChm
CameraDrivers
CameraUserGuides
CC_ccProxyExt
ccCommon
ccPxyCore
Chuzzle Deluxe
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
Creative System Information
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
Diner Dash
DISCover
DocProc
DocumentViewer
Easy Internet Sign-up
ESET Online Scanner v3
Fairies
Family Feud
FATE
Fax
Fax_CDA
Flip Words
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 6.1
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
hpiCamDrvQFolder
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe
InstantShareDevices
J2SE Runtime Environment 5.0 Update 5
Jewel Quest
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Shockwave Player
Mah Jong Quest
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Away Mode
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Money 2006
Microsoft Streets & Trips 2006
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSRedist
Mystery Case Files
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Poker Superstars
Polar Bowler
Polar Golfer
ProductContext
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2006
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
Scan
ScannerCopy
SCRABBLE
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
SkinsHP1
Slingo Deluxe
Snowy The Bears Adventure
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC
Status
Super Granny
SymNet
Tennis Titans
Toolbox
Tornado Jockey
Tradewinds
TrayApp
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB912945)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Ventrilo Server
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Works Upgrade

==== Event Viewer Messages From Past Week ========

12/19/2009 3:09:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
12/18/2009 6:22:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001731EAA397 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/18/2009 3:55:39 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file a3d.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 80.0.0.3, the version of the system file is 2.9.0.0.
12/18/2009 3:46:12 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/18/2009 3:46:12 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{43801800-cfee-11d2-a41b-006097b55ad3}\RegPermWriter.exe. Reference error message: The operation completed successfully. .
12/18/2009 3:46:12 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/18/2009 3:43:15 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\powercfg.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.3565.0, the version of the system file is 5.1.2600.2180.

==== End Of File ===========================

Hi Nate,

I need you to run the ESET and MBAM scans again and this time Remove the baddies :)

Also, it looks as though you tried some repair steps yesterday - what did you do?

-- Is your Norton AV subscription valid or did you let it lapse?

-- Please go into Add / Remove programs and Uninstall these two items:

Adobe Reader 7.0.5
J2SE Runtime Environment 5.0 Update 5

Then, reinstall the latest and much more secure versions:
http://get.adobe.com/reader/ - No need for McAfee Security Scan, but up to you.
http://java.com/en


Post me the fresh logs with the baddies removed and give me another DDS from AFTER the new runs of MBAM and ESET.
Be sure to Reboot after running MBAM.

Cheers :)
PP

Okay, first off, the day before yesterday I tried to scan with an older MBAM and remove them, but it didn't do anything even when I told it to remove them.

-My Norton came with the computer and has run out.

-Uninstalled Adobe with no problems, but on the J2SE encountered this (don't know if it is bad): Error - Java java.lang.NullPointerException; gave me two options, "OK" or "More Details", at which I hit "More Details" and it just finished the uninstall instead of giving ANY details.

I also did the MBAM and ESET scans simultaneously (sorry if that is wrong), but ESET was a little faster at the beginning and slower at the end than MBAM. So I have a scan from ESET removing a few and having to stop it, and then finishing a MBAM scan and rebooting instantly (reason for stopping ESET), then I ran another ESET after reboot.

Here is the first ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c47c603347b7a47addcd5856497bbfa
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-20 01:16:56
# local_time=2009-12-19 08:16:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 2 3825343 32626718 0 0
# compatibility_mode=1028 16777214 0 5 3907419 9890814 0 0
# compatibility_mode=3586 16764885 100 88 104907317 264480901 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=123307
# found=8
# cleaned=0
# scan_time=7442
C:\dcgwhpoh.exe a variant of Win32/Refpron.DF trojan 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent108.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent138.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent17.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent46.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent98.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c47c603347b7a47addcd5856497bbfa
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-20 07:14:41
# local_time=2009-12-20 02:14:41 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 2 3845284 32646659 0 0
# compatibility_mode=1028 16777214 0 5 3927360 9910755 0 0
# compatibility_mode=3586 16764885 100 88 104927258 264500842 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118921
# found=8
# cleaned=8
# scan_time=8963
C:\dcgwhpoh.exe a variant of Win32/Refpron.DF trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent108.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent138.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent17.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent46.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent98.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C

The MBAM:

Malwarebytes' Anti-Malware 1.42
Database version: 3392
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/20/2009 3:02:36 AM
mbam-log-2009-12-20 (03-02-36).txt

Scan type: Full Scan (C:\|D:\|Z:\|)
Objects scanned: 255092
Time elapsed: 1 hour(s), 51 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Then the 2nd ESET:

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c47c603347b7a47addcd5856497bbfa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-20 08:20:00
# local_time=2009-12-20 03:20:00 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16774142 0 2 3890390 32695365 0 0
# compatibility_mode=1028 16777214 0 5 3976066 9959461 0 0
# compatibility_mode=3586 16764885 100 88 104975964 264549548 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=126739
# found=0
# cleaned=0
# scan_time=7378

Installed the newer Java/Adobe.

Here is the DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 17:35:29.78 on Sun 12/20/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.531 [GMT -5:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\Program Files\Messenger\msmsgs.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
Trusted Zone: trymedia.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-12-31 133792]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-26 53896]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060216.009\NAVENG.Sys [2006-8-12 77864]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060216.009\NavEx15.Sys [2006-8-12 750952]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-26 334984]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-12 1119888]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-26 198368]

=============== Created Last 30 ================

2009-12-20 22:35:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-20 22:35:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-20 17:14:38 0 d-----w- c:\windows\system32\CatRoot_bak
2009-12-20 08:06:52 0 d-----w- c:\program files\MSXML 4.0
2009-12-20 06:16:08 0 d-----w- c:\windows\system32\appmgmt
2009-12-19 23:08:45 0 d-----w- c:\program files\ESET
2009-12-19 18:45:43 0 d-----w- c:\program files\Trend Micro
2009-12-19 08:04:58 0 d-----w- c:\windows\system32\PreInstall
2009-12-19 06:26:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 06:26:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 23:20:20 27648 ------w- c:\windows\system32\dllcache\jgpl400.dll
2009-12-18 23:20:20 163840 ------w- c:\windows\system32\dllcache\jgdw400.dll
2009-12-18 23:19:47 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-18 23:19:46 2180352 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-18 23:19:45 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-18 23:19:45 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-18 23:17:21 28672 ------w- c:\windows\system32\verclsid.exe
2009-12-18 23:16:27 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-18 22:36:13 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-12-18 22:36:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-18 22:36:07 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-12-18 22:36:00 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-18 22:35:56 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-18 22:35:51 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-18 22:35:42 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-18 20:55:41 133632 ----a-r- c:\windows\system32\CtDvInst.dll
2009-12-18 20:55:29 5627 ----a-r- c:\windows\system32\Ludap17.ini
2009-12-18 20:55:29 39 ----a-r- c:\windows\system32\ctzapxx.ini
2009-12-18 20:55:29 0 d-----w- c:\windows\system32\Data
2009-12-18 20:47:39 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-12-18 20:47:37 529 ----a-r- c:\windows\system32\ATIODCLI.exe.manifest
2009-12-18 20:47:37 527 ----a-r- c:\windows\system32\ATIODE.exe.manifest
2009-12-18 20:47:37 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2009-12-18 20:47:33 7167 ----a-r- c:\windows\system32\atifglpf.xml
2009-12-18 20:47:33 425984 ----a-r- c:\windows\system32\ATIDEMGX.dll
2009-12-18 20:47:31 887724 ----a-r- c:\windows\system32\ativva6x.dat
2009-12-18 20:47:30 3107788 ----a-r- c:\windows\system32\ativva5x.dat
2009-12-18 20:47:29 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2009-12-18 20:47:28 180720 ----a-r- c:\windows\system32\atiicdxx.dat
2009-12-18 20:46:17 0 d-sh--r- C:\cmdcons
2009-12-18 20:45:59 0 d-----w- c:\windows\setupupd
2009-12-18 20:45:14 0 d-sh--r- c:\windows\system32\dllcache
2009-12-18 20:43:05 1870 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX495AV-ABA a1550e_YC_0Pavi_QMXG632_E63NAecMPA3_48_INODUS_SASUSTek Computer INC._V1.03_B3.06_T060714_WXP2_L409_M1023_J500_7AMD_8Athlon 64 X2 Dual Core_92_#060817_N_Z_G1002954F_OHL-DT-ST RW DVD GCC-4482B.MRK
2009-12-18 20:41:09 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-12-18 20:41:07 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Symantec
2009-12-18 20:37:47 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-12 14:23:27 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Walgreens
2009-12-10 22:06:33 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Xfire
2009-12-08 20:58:38 0 d-----w- c:\program files\World of Warcraft
2009-12-07 20:52:33 0 d-----w- c:\docume~1\hp_adm~1\applic~1\HPQ
2009-12-05 06:15:07 0 ----a-w- c:\windows\vpc32.INI
2009-12-05 06:09:51 0 d-----w- c:\program files\Symantec AntiVirus
2009-12-05 05:56:00 0 d-----w- C:\Symantec10.1.5
2009-11-25 04:40:58 0 d-----w- c:\docume~1\hp_adm~1\applic~1\AVG8
2009-11-24 22:49:32 0 d-----w- C:\temp
2009-11-24 02:14:37 0 d-----w- c:\program files\Cheat Engine
2009-11-24 01:29:10 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-12-18 20:46:45 112942 ----a-w- c:\windows\hpoins07.dat
2009-12-17 03:43:20 1350 ----a-w- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-10-27 11:01:03 18432 ------w- c:\windows\system32\dllcache\iedw.exe
2009-10-13 10:53:29 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:53:29 266752 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54:17 69632 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54:17 112128 ------w- c:\windows\system32\dllcache\rastls.dll
2009-09-25 05:49:02 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-25 05:48:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-25 05:48:58 1054208 ------w- c:\windows\system32\dllcache\danim.dll
2009-01-31 06:07:28 5190008 -c--a-w- c:\program files\Mudvayne_-_Do_what_You_Do.mp3
2009-01-31 05:50:59 11133568 -c--a-w- c:\program files\Disturbed_-_Indestructible.mp3
2004-12-07 14:13:42 3578547 -c--a-w- c:\program files\ManagedDX.CAB
2004-12-07 14:13:40 479432 -c--a-w- c:\program files\dxsetup.exe
2004-12-07 14:13:38 69832 -c--a-w- c:\program files\DSETUP.dll
2004-12-07 14:13:38 2249416 -c--a-w- c:\program files\dsetup32.dll
2004-12-07 14:13:38 13265040 -c--a-r- c:\program files\dxnt.cab
2004-12-07 14:13:36 15493481 -c--a-w- c:\program files\DirectX.cab
2004-12-07 13:47:32 20717 -c--a-w- c:\program files\DirectX SDK EULA.txt

============= FINISH: 17:36:10.76 ===============

DDS's Attach.txt:


DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2009 3:39:08 PM
System Uptime: 12/20/2009 5:22:47 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | NODUS
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/199mhz
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2004/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 66 GiB total, 19.937 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.55 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
Z: is FIXED (NTFS) - 466 GiB total, 465.672 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/18/2009 3:48:19 PM - Installed Windows Installer KB893803v2.
RP2: 12/18/2009 4:02:59 PM - Installed Sound Blaster Audigy
RP3: 12/19/2009 3:01:09 AM - Software Distribution Service 3.0
RP4: 12/19/2009 7:06:04 PM - Installed Ventrilo Server
RP5: 12/20/2009 1:17:38 AM - Removed J2SE Runtime Environment 5.0 Update 5
RP6: 12/20/2009 3:02:59 AM - Software Distribution Service 3.0
RP7: 12/20/2009 5:19:06 PM - Removed Adobe Reader 7.0.5
RP8: 12/20/2009 5:20:10 PM - Removed J2SE Runtime Environment 5.0 Update 5
RP9: 12/20/2009 5:34:43 PM - Installed Java(TM) 6 Update 17

==== Installed Programs ======================

1000Tour
1200
1200_Help
1200Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Alien Outbreak 2
Ancient Sudoku
ATI - Software Uninstall Utility
ATI Display Driver
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bookworm Deluxe
Bounce Symphony
BufferChm
CameraDrivers
CameraUserGuides
CC_ccProxyExt
ccCommon
ccPxyCore
Chuzzle Deluxe
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
Creative System Information
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
Diner Dash
DISCover
DocProc
DocumentViewer
Easy Internet Sign-up
ESET Online Scanner v3
Fairies
Family Feud
FATE
Fax
Fax_CDA
Flip Words
FullDPAppQFolder
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 6.1
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.1
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
hpiCamDrvQFolder
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe
InstantShareDevices
Java(TM) 6 Update 17
Jewel Quest
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Shockwave Player
Mah Jong Quest
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Away Mode
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Money 2006
Microsoft Streets & Trips 2006
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
Otto
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Poker Superstars
Polar Bowler
Polar Golfer
ProductContext
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QFolder
Quicken 2006
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Ricochet Lost Worlds
Scan
ScannerCopy
SCRABBLE
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
SkinsHP1
Slingo Deluxe
Snowy The Bears Adventure
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SPBBC
Status
Super Granny
SymNet
Tennis Titans
Toolbox
Tornado Jockey
Tradewinds
TrayApp
Unload
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB953356)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
Ventrilo Server
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB973768
Works Upgrade

==== Event Viewer Messages From Past Week ========

12/20/2009 3:02:28 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.
12/19/2009 3:09:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
12/18/2009 6:22:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001731EAA397 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/18/2009 3:55:39 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file a3d.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 80.0.0.3, the version of the system file is 2.9.0.0.
12/18/2009 3:46:12 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
12/18/2009 3:46:12 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\HP_Administrator\Local Settings\Temp\{43801800-cfee-11d2-a41b-006097b55ad3}\RegPermWriter.exe. Reference error message: The operation completed successfully. .
12/18/2009 3:46:12 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/18/2009 3:43:15 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\powercfg.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.3565.0, the version of the system file is 5.1.2600.2180.

==== End Of File ===========================

Hi Nate,

Things are looking better, but there is another tool I'd like to run.
-- BTW - run only one scan at a time to avoid complications.

First, though, we need to uninstall and remove Norton. If the subscription has lapsed and it doesn't have fresh definitions, then it is pretty useless.

Remove the Norton and install this Free AV + Firewall from Comodo.

. . . Or something different if you prefer - But you need to get that squared away and then we'll go from there.

Cheers :)
PP

I installed the Comodo AV+Firewall and removed Norton.

I also ran the Comodo scan and it turned up nothing.

Great!

I'd like to run two final scans to make sure everything is OK.

Please run a scan with the Kaspersky Online Scanner 7.0
* Note that you may need to temporarily disable your Anti-virus program for the duration of this scan.

-- Accept the agreement and allow the scanner to load and update its definitions. This may take a few minutes.
-- After the program files are downloaded and the anti-virus database is successfully updated, please select the Scan section in the left part of the main program window.
-- Click My Computer to begin a complete scan of your computer, including critical areas.
-- Once the scan has finished, select the Reports section in the left part of the main program window. Click the Save report button in the report viewing window. The Saving window will open.
-- Name the file KAS 1 and choose to save it to the Desktop as a .txt file and then click the Save button.
Please post that for me.


THEN:

Please download GMER Rootkit Scanner:
http://www.gmer.net/download.php

-- DoubleClick the .exe file and, if asked, allow the gmer.sys driver to load.
* When GMER opens, it should automatically do a quick scan for rootkits.
When the quick scan finishes, click the Save Button and save the scanlog to your Desktop as GMER One.

-- If upon running GMER you receive a warning about Rootkit Activity and GMER asks if you want to run a scan, Click NO

-- Make sure the Rootkit/Malware Tab is selected (Top Left of GMER GUI)
Along the Right Side of the GMER GUI there will be a number of checked boxes. Please Uncheck the following:
- Sections
- Drives or Partitions other than your Systemdrive (usually C:\)
- Show All (be sure this one remains Unchecked)

-- Then, click the Scan Button
Allow the scan as long as it needs and then click the save button and name the log GMER Two.log and save it to where you can easily find it and post it for me along with the first log.

***Disconnect from the internet and do not run any other programs while GMER is scanning. Temporarily disable any real-time anti-spyware or anti-virus protection so they do not interfere with the running of GMER.
DO NOT take any action for any found items until I can have a look.


Cheers :)
PP

Okay, I had no issue running the two Kaspersky scans (Computer+Critical Areas)

Here are their logs:

My Computer:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 23, 2009 06:17:09
Records in database: 3401728
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Z:\

Scan statistics:
Objects scanned: 129450
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 04:01:53


File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.

Critical Areas:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 23, 2009 06:17:09
Records in database: 3401728
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Critical areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Objects scanned: 100580
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:51:01


File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.

Okay, now the big deal I had was the second scanner. When running the scan I would have it running for about an hour/hour and a half and come back and check it. The scanner would have a long list of stuff on the screen, but was still scanning more things.
Afterward I would come back to my computer and notice the scan was minimized (which I had not done), and I could not restore its size and it became unresponsive. I tried right-clicking and all the options other than "close" were shaded out. After clicking on it a few more times the screen went blank and showed nothing but the background. The screen came back up, but no programs were running, not even the scanner, and then the computer went haywire. I used Task Manager and noticed CPU usage went up to 100% and then restarted my computer. Requesting help on what to do now.

Okay, I had no issue running the two Kaspersky scans (Computer+Critical Areas) . . . . Requesting help on what to do now.

Kaspersky looks good.

With GMER, you pretty much need to let it run and don't touch anything while it scans, otherwise you can have problems such as what you experienced.

Reboot and see how things are running. I'd say based on the Kaspersky scan that you are probably good to go.

PP:)
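
Added example (not part of the thread and not Kaspersky's code): a Python triage of the detection table in the Kaspersky Online Scanner reports posted above. Kaspersky's "not-a-virus:" prefix marks legitimate software that can be misused (here the mIRC client), so a report whose only rows carry that prefix contains no malware verdicts. The row layout and the rule that "Threats found" equals the sum of the per-row counts are assumptions taken from the two reports in this thread.

```python
import re

# Constructed sample: an excerpt of the "My Computer" report posted above
# (summary line plus the detection table).
SAMPLE_REPORT = r"""
Scan statistics:
Threats found: 2

File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
"""

# One table row: <path> <status>: <verdict> <count>. Paths may contain spaces,
# so the path is matched lazily up to the "<status>:" token.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<status>\w+):\s+(?P<verdict>\S+)\s+(?P<count>\d+)\s*$"
)
# Assumption: the stated total equals the sum of the per-row counts.
STATED = re.compile(r"^Threats found:\s*(\d+)\s*$", re.MULTILINE)


def parse_detections(report):
    """Return one dict per row of the 'File name / Threat / Threats count' table."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({**m.groupdict(), "count": int(m.group("count"))})
    return rows


def triage(report):
    """Split detections into riskware ('not-a-virus:' verdicts) and everything else."""
    rows = parse_detections(report)
    riskware = [r for r in rows if r["verdict"].lower().startswith("not-a-virus:")]
    malware = [r for r in rows if r not in riskware]
    stated = STATED.search(report)
    total = sum(r["count"] for r in rows)
    return {
        "riskware": riskware,
        "malware": malware,
        # A mismatch means the pasted report is truncated or was edited.
        "complete": stated is not None and int(stated.group(1)) == total,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for r in result["riskware"]:
        print("riskware:", r["path"], r["verdict"])
    print("malware rows:", len(result["malware"]), "| complete:", result["complete"])
```

Any row that lands in "malware", or a report where "complete" is false, is what deserves a closer look before calling the machine clean.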
