Everything posted by isiswisdom

  1. Actually Tomk, no, I could not do it. I looked at Windows 8 and they are truly on some Minority Report stuff. I need simple, not complicated. I'm a die-hard fan of XP, dude. I went and got a nice refurb and called it a day. Yeah, I know about Microsoft not supporting it next year but I don't care. I will cross that road when I get to it. They should have kept XP. I will probably jump to Windows 7 or start using Linux, not sure, but for now I'm straight. I'm really curious to see how you techs are going to give support for that Windows 8 and that touch screen software smh.
  2. Greetings, I just went and purchased another computer. It was so bad I was not even able to get online, not even log onto my desktop. I kept getting the blue screen of doom and gloom. In the line of business that I work in, I didn't have much time to waste. The computer was rather old anyway and I had already backed up all of my files, so I'm good now. As for anything IObit, never again, and I'm going to try and see if I can even get my money back. As far as AVG, I did keep that, so I'm going to stick with it until it expires in November. IObit never said anything about antivirus; it was supposed to keep my computer malware free and keep it optimized. What a waste of money. Thank you very much for your time, and if I ever have any future issues I will hit you guys up.
  3. Hi TomK I thought I may have posted the same log twice. Here is the correct one and your statements are well noted looking forward to at least beginning to find out what the real problem is and yes you are correct I ran orbit and AVG at the same time I wish would have known this a little sooner smdh. Here is the DDS TEXT DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29Run by User at 20:51:39 on 2013-06-28Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.467 [GMT -4:00].AV: AVG AntiVirus 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}.============== Running Processes ================.C:WINDOWSsystem32spoolsv.exeC:Program FilesFileOpenServicesFileOpenManagerService32.exeC:Program FilesFlip VideoFlipShareFlipShareService.exeC:Program FilesFlip VideoFlipShareServerFlipShareServer.exeC:Program FilesJavajre6binjqs.exeC:Program FilesMotorolaMotoHelperMotoHelperService.exeC:WINDOWSsystem32HPZipm12.exeC:Program FilesAnalog DevicesSoundMAXspkrmon.exeC:WINDOWSSystem32alg.exeC:WINDOWSsystem32wbemunsecapp.exeC:WINDOWSExplorer.EXEC:Program FilesMotorolaMotoHelperMotoHelperAgent.exeC:WINDOWSsystem32ctfmon.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:Program FilesInternet Exploreriexplore.exeC:WINDOWSsystem32wbemwmiprvse.exeC:WINDOWSsystem32svchost.exe -k WudfServiceGroupC:WINDOWSsystem32svchost.exe -k NetworkServiceC:WINDOWSsystem32svchost.exe -k LocalServiceC:WINDOWSsystem32svchost.exe -k imgsvcC:WINDOWSSystem32svchost.exe -k netsvcs.============== Pseudo HJT Report ===============.uInternet Connection Wizard,ShellNext = "c:program filesoutlook expressmsimn.exe" //mailurl:mailto:[email protected]?body=%0A%0A%0ASent%20via%20TweetDeck%20%28www%2Etweetdeck%2Ecom%29uProxyOverride = 192.168.*.*uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:program 
filesmicrosoft officeoffice14URLREDIR.DLLBHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre6binjp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:program filesjavajre6libdeployjqsiejqs_plugin.dlluRun: [ctfmon.exe] c:windowssystem32ctfmon.exedRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32uPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: E&xport to Microsoft Excel - c:progra~1micros~2office14EXCEL.EXE/3000IE: Se&nd to OneNote - c:progra~1micros~2office14ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:program filesmicrosoft officeoffice14ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:program filesmicrosoft officeoffice14ONBttnIELinkedNotes.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.1.254TCP: Interfaces{8FDF867E-BE18-4522-8CE0-C303F67A2035} : DHCPNameServer = 192.168.1.254Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:program filescommon filesmicrosoft sharedoffice14MSOXMLMF.DLLNotify: igfxcui - igfxdev.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dllHosts: 127.0.0.1 validation.sls.microsoft.com============= SERVICES / DRIVERS ===============.R1 avgtp;avgtp;c:windowssystem32driversavgtpx86.sys [2013-6-17 37664]R2 FileOpenManagerService;FileOpen Manager Service;c:program filesfileopenservicesFileOpenManagerService32.exe [2012-10-17 213432]R2 FlipShareServer;FlipShare Server;c:program filesflip videoflipshareserverFlipShareServer.exe [2010-12-15 1085440]R2 MotoHelper;MotoHelper Service;c:program filesmotorolamotohelperMotoHelperService.exe [2011-12-6 214896]S3 BTCFilterService;USB Networking Driver 
Filter Service;c:windowssystem32driversmotfilt.sys --> c:windowssystem32driversmotfilt.sys [?]S3 HTCAND32;HTC Device Driver;c:windowssystem32driversandroidusb.sys --> c:windowssystem32driversANDROIDUSB.sys [?]S3 motandroidusb;Mot ADB Interface Driver;c:windowssystem32driversmotoandroid.sys --> c:windowssystem32driversmotoandroid.sys [?]S3 motccgp;Motorola USB Composite Device Driver;c:windowssystem32driversmotccgp.sys --> c:windowssystem32driversmotccgp.sys [?]S3 motccgpfl;MotCcgpFlService;c:windowssystem32driversmotccgpfl.sys --> c:windowssystem32driversmotccgpfl.sys [?]S3 Motousbnet;Motorola USB Networking Driver Service;c:windowssystem32driversmotousbnet.sys --> c:windowssystem32driversMotousbnet.sys [?]S3 motusbdevice;Motorola USB Dev Driver;c:windowssystem32driversmotusbdevice.sys --> c:windowssystem32driversmotusbdevice.sys [?]S3 WDC_SAM;WD SCSI Pass Thru driver;c:windowssystem32driverswdcsam.sys [2008-5-6 11520]S3 WinRM;Windows Remote Management (WS-Management);c:windowssystem32svchost.exe -k WINRM [2008-4-14 14336].=============== Created Last 30 ================.2013-06-28 10:15:23 208184 ----a-w- c:windowssystem32driversavgidsdriverx.sys2013-06-28 10:15:22 60216 ----a-w- c:windowssystem32driversavgidshx.sys2013-06-28 10:15:22 22328 ----a-w- c:windowssystem32driversavgidsshimx.sys2013-06-28 10:15:21 182072 ----a-w- c:windowssystem32driversavgtdix.sys2013-06-28 10:15:20 39224 ----a-w- c:windowssystem32driversavgrkx86.sys2013-06-28 10:15:20 170808 ----a-w- c:windowssystem32driversavgldx86.sys2013-06-28 10:15:18 245048 ----a-w- c:windowssystem32driversavglogx.sys2013-06-28 03:43:35 -------- d-----w- c:documents and settingsuserapplication dataMalwarebytes2013-06-28 03:43:20 -------- d-----w- c:documents and settingsall usersapplication dataMalwarebytes2013-06-28 03:43:07 22856 ----a-w- c:windowssystem32driversmbam.sys2013-06-28 03:43:07 -------- d-----w- c:program filesMalwarebytes' Anti-Malware2013-06-22 02:24:13 -------- d-----w- c:program filescommon 
filesSpigot2013-06-21 01:21:08 -------- d-----w- c:documents and settingsall usersapplication dataPCPitstop2013-06-17 22:51:24 37664 ----a-w- c:windowssystem32driversavgtpx86.sys2013-06-12 01:22:33 9089416 ----a-w- c:windowssystem32FlashPlayerInstaller.exe.==================== Find3M ====================.2013-05-07 22:30:06 920064 ----a-w- c:windowssystem32wininet.dll2013-05-07 22:30:05 43520 ----a-w- c:windowssystem32licmgr10.dll2013-05-07 22:30:05 1469440 ----a-w- c:windowssystem32inetcpl.cpl2013-05-07 21:53:29 385024 ----a-w- c:windowssystem32html.iec2013-05-03 01:30:20 2149888 ----a-w- c:windowssystem32ntoskrnl.exe2013-05-03 00:38:17 2028544 ----a-w- c:windowssystem32ntkrnlpa.exe2013-04-18 00:22:24 23360 ----a-w- c:windowssystem32RegistryDefragBootTime.exe2013-04-10 01:31:19 1876352 ----a-w- c:windowssystem32win32k.sys2012-06-13 13:23:30 893560 ----a-w- c:program filescommon filesAutoCompletePro.exe.============= FINISH: 20:52:15.45 ===============
  4. Greetings, I was instructed to come here and post these logs. I was in another forum, I did the Malwarebytes run, and now I'm posting here from running a different program called DDS as instructed from another tech. Bottom line, my computer's antivirus (AVG) does not work. Chrome and Firefox had to be uninstalled and I can't even use any Flash plugins from Adobe. My computer shuts down, the browsers constantly crash, it claims there is no memory. I uninstalled every program I installed in the year 2013; the only browser that is working now is Explorer, will see how long that lasts. Need assistance, very frustrating. Here is the log from DDS, both notepad version and attached are posted here, thank you. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 6/10/2010 6:05:32 PMSystem Uptime: 6/28/2013 5:30:46 PM (3 hours ago).Motherboard: Dell Inc. | | 0G5611Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 37 GiB total, 8.478 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP768: 6/9/2013 11:45:34 PM - System CheckpointRP769: 6/11/2013 3:38:18 AM - System CheckpointRP770: 6/12/2013 4:56:07 AM - System CheckpointRP771: 6/13/2013 3:00:25 AM - Software Distribution Service 3.0RP772: 6/14/2013 3:39:38 AM - System CheckpointRP773: 6/15/2013 4:39:11 AM - System CheckpointRP774: 6/16/2013 7:15:22 AM - System CheckpointRP775: 6/17/2013 8:51:14 AM - System CheckpointRP776: 6/17/2013 6:21:41 PM - Removed AVG 2013RP777: 6/17/2013 6:23:13 PM - Removed AVG 2013RP778: 6/17/2013 6:48:03 PM - Installed AVG 2013RP779: 6/17/2013 6:48:54 PM - Installed AVG 2013RP780: 6/18/2013 8:33:32 PM - System CheckpointRP781: 6/19/2013 10:25:50 PM - System CheckpointRP782: 6/20/2013 7:43:52 AM - Removed 
Adobe Reader XI (11.0.03).RP783: 6/20/2013 5:25:42 PM - Removed Microsoft SilverlightRP784: 6/20/2013 5:26:44 PM - Removed LG United Mobile Drivers.RP785: 6/21/2013 6:13:59 PM - System CheckpointRP786: 6/22/2013 10:44:53 PM - System CheckpointRP787: 6/23/2013 8:19:20 AM - Removed IObit Apps Toolbar v7.2.RP788: 6/24/2013 9:21:24 PM - System CheckpointRP789: 6/25/2013 9:26:05 PM - System CheckpointRP790: 6/27/2013 9:02:14 AM - System Checkpoint.==== Installed Programs ======================.Apple Software UpdateiTunesMalwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 2.0 Service Pack 2Microsoft Office Single Image 2010MotoHelper 2.1.32 Driver 5.4.0Motorola Mobile Drivers Installation 5.4.0Security Update for Windows Internet Explorer 8 (KB2817183)Security Update for Windows Internet Explorer 8 (KB2829530)Security Update for Windows Internet Explorer 8 (KB2838727)Security Update for Windows Internet Explorer 8 (KB2847204)Seesmic Desktop 2Windows Management Framework Core.==== Event Viewer Messages From Past Week ========.6/28/2013 6:53:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}6/28/2013 6:42:23 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGTP0000 disappeared from the system without first being prepared for removal.6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGTDIX0000 disappeared from the system without first being prepared for removal.6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGLOGX0000 disappeared from the system without first being prepared for removal.6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGLDX860000 
disappeared from the system without first being prepared for removal.6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGIDSSHIM0000 disappeared from the system without first being prepared for removal.6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGIDSHX0000 disappeared from the system without first being prepared for removal.6/28/2013 6:18:01 AM, error: PlugPlayManager [11] - The device RootLEGACY_AVGIDSDRIVER0000 disappeared from the system without first being prepared for removal.6/28/2013 6:08:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip6/28/2013 6:08:55 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.6/28/2013 6:08:55 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.6/28/2013 6:08:55 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.6/28/2013 6:08:55 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.6/28/2013 6:08:55 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.6/28/2013 6:08:55 AM, error: Service Control Manager 
[7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.6/28/2013 6:08:27 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}6/28/2013 6:08:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}6/28/2013 12:07:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 IntelIde6/25/2013 9:46:23 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.6/24/2013 7:24:39 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.6/24/2013 7:19:42 PM, error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758213659 (0xE001CA1B).6/24/2013 2:58:47 AM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the vToolbarUpdater15.2.0 service to connect.6/24/2013 2:58:47 AM, error: Service Control Manager [7000] - The vToolbarUpdater15.2.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.6/24/2013 10:51:18 AM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 0 milliseconds: Restart the service.6/24/2013 10:41:26 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.6/23/2013 9:23:49 AM, error: Service Control Manager [7000] - The AVG AVI Loader Driver service failed to start due to the following error: %%37581985326/22/2013 9:32:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx866/22/2013 9:32:36 PM, error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758162040 (0xE0010078).6/22/2013 12:59:26 AM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 000F1FD92C83 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).6/21/2013 9:59:01 PM, error: Service Control Manager [7022] - The Windows Image Acquisition (WIA) service hung on starting.6/21/2013 4:09:12 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.6/21/2013 10:27:34 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s)..==== End Of File ===========================
  5. Ok this is just ridiculous do you know I can't copy and paste this log??? It took me this long to even give a response back because the only browser that can be used at this point is internet explorer and when I downloaded the antimalware it was giving me issues to even do that. GRRRRRRRRRRR! Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.06.27.11 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702User :: USER-A9A67FB829 [administrator] 6/27/2013 11:57:37 PMmbam-log-2013-06-27 (23-57-37).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 251723Time elapsed: 7 minute(s), 29 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 1C:Documents and SettingsAll UsersApplication DataIBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully. Files Detected: 2C:Documents and SettingsUserMy DocumentsDownloadsMusicConverterSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.C:Documents and SettingsAll UsersApplication DataIBUpdaterServicerepository.xml (PUP.InstallBrain) -> Quarantined and deleted successfully. (end)
  6. Ok, within the last week I have been having some serious issues with my computer. Both of my browsers crash consistently, Chrome and Firefox, can't even use Adobe Flash to watch movies anymore, says not enough memory. The computer just blanks out and blue screen comes up and says physical memory dump. I removed a bunch of stuff off my computer and nothing works. I do the pcpitstop optimize scan and pay for the program to fix it, now my AVG antivirus interface does not work, won't even open up. I can't take it anymore. Can somebody please assist, it would be greatly appreciated. I have operating system Windows XP Professional. Version 2002 Service Pack 3. Intel ® 4 CPU 2.80 GHZ, 2.79 GHZ, 0.99 GB of RAM.
2011-01-05 11:02:22 105,704 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\d.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 108,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\e.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 60,048 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\f.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 70,624 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\g.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 52,920 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\h.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 48,336 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\i.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 28,000 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\J.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 28,080 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\k.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 69,168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\l.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 104,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\m.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 36,808 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\n.xml.vir 2011-01-05 11:02:22 . 
2011-01-05 11:02:22 41,072 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\o.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 96,480 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\p.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 4,440 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\q.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 36,768 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\r.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 159,760 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\s.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 95,664 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\t.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 20,960 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\u.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 30,528 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\v.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 2,888 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\x.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 10,744 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\y.xml.vir 2011-01-05 11:02:22 . 2011-01-05 11:02:22 11,648 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\PriceGong\Data\z.xml.vir 2010-02-18 21:07:35 . 
2010-08-23 23:08:57 39,149 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Guest.ATLANTIS\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml.vir 2010-02-18 21:07:25 . 2011-03-26 08:04:23 10,494 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Guest.ATLANTIS\Application Data\Dealio\res\widgets.xml.vir 2010-01-01 08:11:13 . 2010-02-27 17:37:11 38,638 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Midori.ATLANTIS\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml.vir 2010-01-01 08:10:55 . 2011-03-04 15:13:48 10,494 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Midori.ATLANTIS\Application Data\Dealio\res\widgets.xml.vir 2009-12-19 19:29:20 . 2009-12-19 19:29:20 906 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\HP Image Zone .lnk.vir 2009-06-26 00:27:50 . 2004-04-30 10:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir 2009-06-26 00:27:50 . 2002-09-10 04:14:14 100 ----a-w- C:\Qoobox\Quarantine\D\Desktop.ini.vir 2009-06-26 00:19:19 . 2011-04-06 16:26:09 8,655 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-06-26 00:09:04 . 2011-04-06 16:10:20 408 ----a-w- C:\Qoobox\Quarantine\catchme.log 2005-05-13 00:32:42 . 2005-05-13 00:32:42 225,280 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Documents\setup.exe.vir
  8. My computer runs a lot better now, but for some reason my desktop load time is very slow. I checked the startup programs in msconfig and only 5 programs start, so I don't know if it's a memory issue or not. When I log on to it, even when the computer reboots, it moves a lot slower now since I ran that ESET scan and all those viruses were revealed. But it's OK. Even the browser is acting funny, slow and sticking. Just for the record, the wordonthestreetsmag is my magazine, and I noticed that something on there with that name on it had been deleted. I hope it was not a folder or something.
Completion time: 2011-04-06 12:42:55 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-06 16:42 ComboFix2.txt 2011-04-03 21:15 ComboFix3.txt 2011-04-03 06:13 ComboFix4.txt 2011-03-27 04:35 ComboFix5.txt 2011-04-06 16:10 . Pre-Run: 80,057,835,520 bytes free Post-Run: 80,165,830,656 bytes free . - - End Of File - - AEEBFA61DEC047DD7F9079A5707B637E Upload was successful
  10. The results of the scanner are quite disturbing. I saw at least 5 on my desktop and even more on my daughter's desktop, geez. That would explain why the computer was acting so slow. It runs better now but you can still hear that crunching noise like Java or something. I had to uninstall and reinstall with the latest version of Java. When I went to the site it told me to remove various installations, but when I went to Add/Remove Programs it had shown only one. However, when you run a search on this computer all kinds of Java folders and things came up. I did not delete any of it because some of those files look to be like system files. Just out of curiosity, why could I not have those files removed from that program? I know you wanted to see it but I was just wondering.

      SystemLook 04.09.10 by jpshortstuff
      Log created at 07:07 on 05/04/2011 by Compaq_Owner
      Administrator - Elevation successful

      ========== filefind ==========

      Searching for "*Fbudacikofe*"
      C:\WINDOWS\Fbudacikofe.bin --a---- 0 bytes [07:00 26/03/2011] [07:00 26/03/2011] D41D8CD98F00B204E9800998ECF8427E

      Searching for "*smbinstz*"
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\Recent\smbinstz.dll.lnk --a---- 550 bytes [12:37 28/03/2011] [16:53 30/03/2011] 0037D51562E733865C5887582CFE79A7
      C:\WINDOWS\system32\smbinstz.dll -rahs-- 149504 bytes [06:57 26/03/2011] [06:57 26/03/2011] (Unable to calculate MD5)

      Searching for "*c_10000F*"
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\Recent\c_10000F.dll.lnk --a---- 550 bytes [16:04 28/03/2011] [17:10 30/03/2011] B9561E95B0BB7C24B623CFAA806BE39F
      C:\WINDOWS\system32\c_10000F.dll -rahs-- 149504 bytes [06:57 26/03/2011] [06:57 26/03/2011] (Unable to calculate MD5)

      -= EOF =-

      Eset online scanner results

      C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe - probably a variant of Win32/Agent.HZHBURL trojan
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\Application Data\Sun\Java\Deployment\cache\6.0\35\1d42b1a3-448e75af - Java/TrojanDownloader.Agent.NCM trojan
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\My Documents\blog photos 1\Downloads\media.player.codec.pack.v3.9.1.setup.exe - Win32/Adware.Toolbar.Dealio application
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\My Documents\Downloads\jZipV1c.exe - a variant of Win32/Adware.Toolbar.Shopper.AA application
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\My Documents\Downloads\Downloads\media.player.codec.pack.v3.9.1.setup.exe - Win32/Adware.Toolbar.Dealio application
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\10\35ace28a-6117b8fa - multiple threats
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\15\399851cf-3283dece - probably a variant of Win32/Agent.FQRCZBA trojan
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\24\38566918-426c3127 - a variant of Java/TrojanDownloader.Agent.NAN trojan
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\25\16646899-4201d4e9 - multiple threats
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\32\4e5c2020-21885f0d - multiple threats
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\41\23ea3369-29b74db3 - multiple threats
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\41\6aa23129-4275235d - a variant of Java/Exploit.Agent.NAC trojan
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\56\2d475f78-7eace744 - multiple threats
      C:\Documents and Settings\Midori.ATLANTIS\Application Data\Sun\Java\Deployment\cache\6.0\56\473ab678-6efc9201 - a variant of Java/TrojanDownloader.OpenStream.NBF trojan
      C:\hp\bin\wbug\CompaqPresario_Spring06.exe - a variant of Win32/Toolbar.MyWebSearch application
      C:\hp\drivers\hpiz\autorun.inf - INF/Autorun.Sz virus
      C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\autorun.inf - INF/Autorun.Sz virus
      C:\Program Files\HP\Temp\{1A65E29E-5BAF-4452-A111-3290AED6BDBC}\autorun.inf - INF/Autorun.Sz virus
      C:\Program Files\HP\Temp\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\autorun.inf - INF/Autorun.Sz virus
      C:\Qoobox\Quarantine\C\WINDOWS\Fmacaa.exe.vir - a variant of Win32/Kryptik.LYZ trojan
      C:\Qoobox\Quarantine\C\WINDOWS\Fmacab.exe.vir - a variant of Win32/Kryptik.LYZ trojan
      C:\Qoobox\Quarantine\C\WINDOWS\Fmacac.exe.vir - a variant of Win32/Kryptik.LYZ trojan
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1\A0000006.dll - a variant of Win32/Cimag.GL trojan
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2\A0001138.rbf - a variant of Win32/Adware.Toolbar.Dealio application
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2\A0001143.rbf - a variant of Win32/Adware.Toolbar.Dealio application
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2\A0001144.rbf - probably a variant of Win32/Adware.Toolbar.Dealio application
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2\A0001492.exe - a variant of Win32/Kryptik.LYZ trojan
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2\A0001493.exe - a variant of Win32/Kryptik.LYZ trojan
      C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP2\A0001494.exe - a variant of Win32/Kryptik.LYZ trojan
      D:\I386\Apps\APP27596\src\CompaqPresario_Spring06.exe - a variant of Win32/Toolbar.MyWebSearch application
      D:\I386\Apps\APP27596\src\HPPavillion_Spring06.exe - a variant of Win32/Toolbar.MyWebSearch application
  11. No, I did not do a restore point, but the ComboFix did create a restore point. I don't know why it did that. You must see something that I'm not seeing, so let me run this software and report it here.

      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6260

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      4/3/2011 5:33:45 PM
      mbam-log-2011-04-03 (17-33-45).txt

      Scan type: Quick scan
      Objects scanned: 382109
      Time elapsed: 7 minute(s), 19 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      and I cleaned all temp files...
  12. Filename: smbinst.exe
      Status: Scan finished. 0 out of 20 scanners reported malware.
      Scan taken on: Wed 30 Mar 2011 19:01:21 (CET)
      Additional info
      File size: 8192 bytes
      Filetype: PE32 executable for MS Windows (console) Intel 80386 32-bit
      MD5: e59ee4d24de74a110a8829fec6c642e4
      SHA1: 68ce2d45fc8e0841ec0aa9f91f85bcd6b3f6ca0f
      Scanners
      [ArcaVir] 2011-03-30 Found nothing
      [F-Secure Anti-Virus] 2011-03-30 Found nothing
      [Avast! antivirus] 2011-03-30 Found nothing
      [G DATA] 2011-03-30 Found nothing
      [Grisoft AVG Anti-Virus] 2011-03-30 Found nothing
      [ikarus] 2011-03-30 Found nothing
      [Avira AntiVir] 2011-03-30 Found nothing
      [Kaspersky Anti-Virus] 2011-03-30 Found nothing
      [softwin BitDefender] 2011-03-30 Found nothing
      [ESET NOD32] 2011-03-30 Found nothing
      [ClamAV] 2011-03-30 Found nothing
      [Panda Antivirus] 2011-03-30 Found nothing
      [CPsecure] 2011-03-30 Found nothing
      [Quick Heal] 2011-03-30 Found nothing
      [Dr.Web] 2011-03-30 Found nothing
      [sophos] 2011-03-30 Found nothing
      [Emsisoft Anti-Malware] 2011-03-30 Found nothing
      [VirusBlokAda VBA32] 2011-03-29 Found nothing
      [Frisk F-Prot Antivirus] 2011-03-29 Found nothing
      [VirusBuster] 2011-03-30 Found nothing

      C:\WINDOWS\system32\c_10000F.dll
      When I tried to scan this file all 3 websites rejected the file and would not scan them. One site said there was no file to upload the other site just would freeze every time and the other site still keeps saying it's having a server error so unless something is wrong with my browser I can't call why that is happening. I tried a lot of times to get this file scanned. I did find the file it was created on the 26th of this month which was around the time I got the virus and I did at least scan the file with panda and it did not see anything.
  13. There is a problem with the virus scan. Every time I try to post it into the site it keeps giving me this error that says: Server error! The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there was an error in a CGI script. If you think this is a server error, please contact the. So what next? And I no longer use McAfee so please send that tool.
  14. I got my desktop back but the background is still red. So far so good it seems. I removed those other programs as well. Do you see anything else that I might need to do?
  15. OK, I found another free unzip program and used the GMER Rootkit Scanner, but oddly enough another roadblock. I can't seem to paste or attach the results here. I'm going to see if I can email it to you on here.
  16. Ok here is the links reports from virus total C:\WINDOWS\Fmacac.exe http://www.virustotal.com/file-scan/report.html?id=22a195fc8f24c459c8b2462ca6b264343df2468e380065b3a4b7cfb60b2426c3-1301167442 C:\WINDOWS\TEMP\1d63ae.vbs http://www.virustotal.com/file-scan/report.html?id=c84a6ee90e011a060a1609a2d5fbb03c09ed3ac3ea5fa114947cc931c0523d70-1301167270 Here are the reports for DDS . DDS (Ver_11-03-05.01) - NTFSx86 Run by Compaq_Owner at 15:29:27.29 on Sat 03/26/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.84 [GMT -4:00] . AV: Panda Internet Security 2011 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0} FW: Panda Personal Firewall 2011 *Enabled* . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe svchost.exe C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe svchost.exe C:\WINDOWS\System32\svchost.exe -k Akamai C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Flip Video\FlipShare\FlipShareService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PSIService.exe 
c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE C:\Program Files\Panda Security\Panda Internet Security 2011\SRVLOAD.EXE C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe C:\WINDOWS\Fmacac.exe C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\OfferBox\OfferBox.exe C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\Ftl.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\OfferBox\OfferBox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\Fs4.exe C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\Local Settings\Temporary Internet Files\Content.IE5\E3QPC5PV\dds[1].scr C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\Fs4.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.att.net uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop uDefault_Page_URL = hxxp://www.aol.com/?ncid=customie8 uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.3\dealioToolbarIE.dll uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.3\dealioToolbarIE.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: OfferBox: 
{fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - No File TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.3\dealioToolbarIE.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [OUU6KC5WPX] c:\docume~1\compaq~1.000\locals~1\temp\Fs4.exe mRun: [<NO NAME>] mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe" mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2011\APVXDWIN.EXE" /s mRun: [sCANINICIO] "c:\program files\panda security\panda internet security 2011\Inicio.exe" mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Afuha] rundll32.exe "c:\windows\azekudatugapojuy.dll",Startup mRunOnce: [1d63ae] wscript /B c:\windows\temp\1d63ae.vbs uPolicies-system: DisableTaskMgr = 1 (0x1) mPolicies-system: DisableTaskMgr = 1 (0x1) IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Add To Compaq Organize... 
- c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257970715500 DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll Notify: avldr - avldr.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\compaq~1.000\applic~1\mozilla\firefox\profiles\9b3jo2ok.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties FF - component: c:\documents and settings\compaq_owner.atlantis.000\application data\mozilla\firefox\profiles\9b3jo2ok.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\Shim.dll FF - plugin: c:\documents and settings\compaq_owner.atlantis.000\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\compaq_owner.atlantis.000\application data\kalydo\kalydoplayer\npkalydo.dll FF - plugin: c:\documents and settings\compaq_owner.atlantis.000\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\compaq_owner.atlantis.000\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF 
- plugin: c:\documents and settings\compaq_owner.atlantis.000\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\documents and settings\compaq_owner.atlantis.000\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\windows\system32\c2mp\npdivx32.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2011-3-7 76296] R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2011-3-7 59080] R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2011-3-7 13880] . =============== File Associations =============== . JSEFile=c:\progra~1\pandas~2\pandai~2\PAVSCRIP.EXE "%1" %* VBEFile=c:\progra~1\pandas~2\pandai~2\PAVSCRIP.EXE "%1" %* VBSFile=c:\progra~1\pandas~2\pandai~2\PAVSCRIP.EXE "%1" %* . =============== Created Last 30 ================ . 
2011-03-26 07:27:46 162304 ---ha-w- c:\windows\Fmacac.exe 2011-03-26 07:23:14 162304 ---ha-w- c:\windows\Fmacab.exe 2011-03-26 07:07:49 467968 ---ha-w- c:\docume~1\alluse~1\applic~1\19062580.exe 2011-03-26 07:00:00 0 ----a-w- c:\windows\Fbudacikofe.bin 2011-03-26 06:59:37 -------- d--h--w- c:\docume~1\compaq~1.000\locals~1\applic~1\{1B3EA380-DCBC-4216-B27A-6BC260E0A715} 2011-03-26 06:58:29 -------- d--h--w- c:\docume~1\compaq~1.000\applic~1\OfferBox 2011-03-26 06:58:15 -------- d-----w- c:\program files\OfferBox 2011-03-26 06:57:52 545792 ---ha-w- c:\docume~1\alluse~1\applic~1\YmEwGJXgpidLPI.exe 2011-03-26 06:57:34 149504 --sha-r- c:\windows\system32\smbinstz.dll 2011-03-26 06:57:34 149504 --sha-r- c:\windows\system32\c_10000F.dll 2011-03-26 06:57:18 162304 ----a-w- c:\windows\Fmacaa.exe 2011-03-24 04:43:50 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-03-24 04:43:48 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-03-24 04:43:48 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-03-24 04:43:48 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll 2011-03-24 04:43:48 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll 2011-03-24 04:43:48 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-03-24 04:43:48 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-03-24 04:43:48 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-03-11 13:09:07 -------- d--h--w- c:\docume~1\alluse~1\applic~1\RegSERVO 2011-03-10 08:07:40 -------- dc----w- C:\4ff3ce1b35fd14d537958342742f2058 2011-03-09 05:35:54 401510 ----a-w- c:\program files\mozilla firefox\extensions\xpcom_core.dll 2011-03-07 15:01:49 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys 2011-03-07 15:00:07 -------- d--h--w- c:\docume~1\compaq~1.000\locals~1\applic~1\Panda Security 2011-03-07 14:55:46 282696 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2011-03-07 14:55:41 53256 
----a-w- c:\windows\system32\drivers\dsaflt.sys 2011-03-07 14:55:41 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys 2011-03-07 14:55:41 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys 2011-03-07 14:55:30 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS 2011-03-07 14:55:30 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys 2011-03-07 14:55:30 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS 2011-03-07 14:55:26 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys 2011-03-07 14:55:00 54832 ----a-w- c:\windows\system32\pavcpl.cpl 2011-03-07 14:54:42 446464 ----a-w- c:\windows\system32\HHActiveX.dll 2011-03-07 14:54:30 193792 ----a-w- c:\windows\system32\TpUtil.dll 2011-03-07 14:54:29 87296 ----a-w- c:\windows\system32\PavLspHook.dll 2011-03-07 14:54:29 55552 ----a-w- c:\windows\system32\pavipc.dll 2011-03-07 14:54:29 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL 2011-03-07 14:54:27 518400 ----a-w- c:\windows\system32\PavSHook.dll 2011-03-07 14:54:21 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys 2011-03-07 14:54:15 55552 ----a-w- c:\windows\system32\avldr.dll 2011-03-07 14:54:14 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys 2011-03-07 14:54:14 -------- d-----w- c:\windows\system32\PAV 2011-03-07 14:54:12 -------- d--h--w- c:\docume~1\compaq~1.000\applic~1\Panda Security 2011-03-07 14:54:12 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Panda Security 2011-03-07 14:53:16 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys 2011-03-07 14:53:15 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys 2011-03-07 14:53:15 -------- d-----w- c:\program files\common files\Panda Security 2011-03-05 19:59:46 -------- d--h--w- c:\docume~1\compaq~1.000\applic~1\Unity 2011-03-05 19:36:07 -------- d--h--w- c:\docume~1\compaq~1.000\locals~1\applic~1\Unity 2011-03-04 04:28:53 -------- d--h--w- c:\docume~1\compaq~1.000\applic~1\Search Settings 2011-03-04 04:28:47 -------- d-----w- c:\program files\Application Updater 2011-03-04 
04:28:46 -------- d-----w- c:\program files\Dealio Toolbar 2011-03-04 04:28:46 -------- d-----w- c:\program files\common files\Spigot 2011-02-28 17:20:57 -------- d-----w- c:\program files\TweetDeck . ==================== Find3M ==================== . 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 15:32:55.06 =============== here is the attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 11/8/2009 10:38:54 PM System Uptime: 3/26/2011 4:35:42 AM (11 hours ago) . Motherboard: ASUSTek Computer INC. | | Amberine M Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 1969/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 179 GiB total, 71.403 GiB free. D: is FIXED (FAT32) - 7 GiB total, 1.188 GiB free. E: is CDROM (CDFS) F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1: 3/26/2011 3:22:47 AM - System Checkpoint . ==== Installed Programs ====================== . 
µTorrent 3ivx MPEG-4 5.0.3 (remove only) 5 Card Slingo from Compaq (remove only) 5600 5600_Help 5600Trb aaa Adobe AIR Adobe CMaps CS4 Adobe Default Language CS4 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Media Player Adobe PDF Library Files CS4 Adobe Photoshop 7.0 Adobe Reader 9.3.4 Adobe Type Support CS4 Agere Systems PCI-SV92PP Soft Modem AiO_Scan AiOSoftware Akamai NetSession Interface Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft VideoImpression 2 Artisteer 2 AstroPop Deluxe from Compaq (remove only) ATI Control Panel ATI Display Driver att.net Internet Mail Auslogics Disk Defrag Barnyard Invasion from Compaq (remove only) Bejeweled 2 Deluxe from Compaq (remove only) Blackhawk Striker 2 from Compaq (remove only) Blasterball 2 from Compaq (remove only) Blasterball 2 Remix from Compaq (remove only) Boggle Supreme from Compaq (remove only) Bonjour Bookworm Deluxe from Compaq (remove only) Bounce Symphony from Compaq (remove only) BufferChm Chuzzle Deluxe from Compaq (remove only) Comcast High-Speed Internet Install Wizard Compaq Connections (remove only) Compaq Game Console and games Compaq Multimedia Keyboard Software Compaq Organize Compatibility Pack for the 2007 Office system Conduit Engine Corel Painter X CP_AtenaShokunin1Config CP_CalendarTemplates1 cp_LightScribeConfig cp_LightScribePlugin CP_Package_Basic1 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 CP_Panorama1Config Crystal Maze from Compaq (remove only) CueTour Customer Experience Enhancement CustomerResearchQFolder Dealio Toolbar v4.3 Definition update for Microsoft Office 2010 (KB982726) Destinations DivX Plus Web Player DocProc Easy Internet Sign-up Facebook Plug-In Family Feud FATE from Compaq (remove only) Fax FileZilla Client 3.3.2.1 FlipShare Flock (2.6.2) FullDPAppQFolder Google Talk Plugin Google Toolbar for Internet Explorer High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Microsoft .NET 
Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Boot Optimizer HP Extended Capabilities 5.3 HP Image Zone 5.3 HP Image Zone Express HP Imaging Device Functions 5.3 HP PSC & OfficeJet 5.3.B HP Support Overview HP Update HpSdpAppCoreApp ICQ7.2 Insaniquarium Deluxe from Compaq (remove only) InstantShareDevices InterVideo WinDVD Player iTunes Japanese Language Support Java Auto Updater Java 6 Update 23 jZip Kalydo Player 3.08.01 Lemonade Tycoon 2 from Compaq (remove only) Lexibox Deluxe from Compaq (remove only) LightScribe 1.4.52.1 Mah Jong Quest from Compaq (remove only) MarketResearch Media Player Codec Pack 3.9.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Money 2005 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI 
(English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Works MobileMe Control Panel Mozilla Firefox 4.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NewCopy OfferBox Browser ooVoo OpenOffice.org 3.1 Panda Internet Security 2011 Panda Secure Vault 5 PC-Doctor 5 for Windows PC Pitstop Exterminate2 2.0 PhotoGallery Picasa 3 Polar Bowler from Compaq (remove only) Polar Golfer from Compaq (remove only) ProductContext Puzzle Express from Compaq (remove only) Python 2.2 pywin32 extensions (build 203) Python 2.2.3 Quicken 2006 QuickTime RandMap Readme RealPlayer RedMon - Redirection Port Monitor Remove WeatherBug Installer Ricochet Lost Worlds from Compaq (remove only) Safari Scan ScannerCopy SCRABBLE from Compaq (remove only) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft Office 2010 (KB2289078) Security Update for Microsoft Office 2010 (KB2289161) Security Update for Microsoft Publisher 2010 (KB2409055) Security Update for Microsoft Word 2010 (KB2345000) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet 
Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) 
Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for 
Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shooting Stars Pool from Compaq (remove only) Shrek 2 Ogre Bowler from Compaq (remove only) SkinsHP1 Skype Recorder Skype™ 5.1 Slingo Deluxe from Compaq (remove only) Snowboard SuperJam from Compaq (remove only) Sonic Express Labeler Sonic MyDVD Plus Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Sonic Update Manager Sonic_PrimoSDK Status Super Granny from Compaq (remove only) Tradewinds from Compaq (remove only) TrayApp TweetDeck Unity Web Player Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2010 (KB2202188) Update for Microsoft Office 2010 (KB2413186) Update for Microsoft OneNote 2010 (KB2493983) Update for Microsoft Outlook Social Connector (KB2289116) Update for Windows Internet Explorer 8 (KB976662) Update for Windows 
Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB2.0 PC Camera (SN9C201&202) uTorrentBar Toolbar VC80CRTRedist - 8.0.50727.4053 Veoh Video Compass Veoh Web Player WebFldrs XP Wiley CulinarE-Companion Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinHTTrack Website Copier 3.43-9C XML Copy Editor 1.0.8.2 Yahoo! Messenger YouTube Downloader 2.6.1 Zoosk Messenger Zuma Deluxe from Compaq (remove only)
.
==== Event Viewer Messages From Past Week ========
.
3/26/2011 3:22:31 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

With the last part you told me to do, I'm having an issue with unzipping the contents of the rootkit to run it. A C++ runtime error box comes up and says that the program I'm using to unzip the file is asking to close it in an unusual way. I use j-zip; I do not have WinZip or the money to purchase it at the moment. Any other suggestions?
  17. I am, but I have a feeling not for long. But yes, it's the same computer.
  18. Greetings, I lost my desktop; it is now red with only two icons on the desktop. The startup box comes up and says the configuration has changed. When I check the startup, two rundll32.exe come up associated with some strange lettering. I can't even access System Restore, my computer is slow, and a memory error keeps coming up. Here is my HijackThis log. Windows XP, and I'm using the latest Panda antivirus 2011.

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 5:34:19 AM, on 3/26/2011
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\SYSTEM32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
      C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Motive\McciCMService.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\PSIService.exe
      c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2011\SRVLOAD.EXE
      C:\WINDOWS\SYSTEM32\Ati2evxx.exe
      C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\Ftl.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
      C:\WINDOWS\Fmacac.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\Fs4.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\OfferBox\OfferBox.exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Compaq_Owner.ATLANTIS.000\Local Settings\Temporary Internet Files\Content.IE5\ODIVK9MN\HijackThis[1].exe
      C:\Program Files\Panda Security\Panda Internet Security 2011\psimreal.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
      R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
      O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
      O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: OfferBox - {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - C:\Program Files\OfferBox\OfferBoxBHO.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
      O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
      O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
      O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
      O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.3\dealioToolbarIE.dll
      O4 - HKLM\..\Run: [searchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe"
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Afuha] rundll32.exe "C:\WINDOWS\azekudatugapojuy.dll",Startup
      O4 - HKLM\..\RunOnce: [1d63ae] wscript /B C:\WINDOWS\TEMP\1d63ae.vbs
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [OUU6KC5WPX] C:\DOCUME~1\COMPAQ~1.000\LOCALS~1\Temp\Fs4.exe
      O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
      O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
      O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
      O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257970715500
      O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
      O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
      O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
      O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
      O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe

      --
      End of file - 14586 bytes
  19. This is the official error that I got the first time you had helped me, Juliet. DETAIL - The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format. When I did all that work you had told me to do the first time, that was the original error. Now it just does it every time I sign in, but what I do is just let the box that pops up time out instead of clicking OK, and the desktop that I have now reloads back up. But that is not normal. Now that you have seen the actual error, do you want me to still do what you told me to do in the last previous post?
  20. I was on here about a month and some change ago and I lost my entire desktop again. The problem is when I would log on to Windows XP on the administrator account, a tan box would come up and say "we have to restore your desktop to default, a file in the registry is not a registry file" and then it would do a countdown. Now what I would do is restart my computer and log in, and then it would let me access my normal desktop. This time that trick did not work and it completely restored my desktop, and now I lost everything. I do not know how to find my old desktop with the new one; can you assist me? I went back to my old posts and that was the same problem I had before, but I don't ever recall explaining to Juliet that it was giving me a registry error.
  21. Let me make a correction: I did not delete the file, I just clicked fix with that program, but it is still there. I'm using the latest version of Firefox and I took Google Chrome off my computer. I use a Compaq with Windows XP with Service Pack 3. Sorry for the confusion.
  22. Greetings, I had experienced clicking on a link and this mypersonalscanner thing came up and told me that my computer was infected, and it tried to download something. I was using Google Chrome at the time; when Google asked me did I want to download it, I clicked no. However, 2 days later I get on my computer today and when I log on to my desktop this box came up and said that I was going to lose my content and that something was wrong with my desktop. If the problem persisted, contact the system administrator. It did a countdown of 30 seconds; after that my screen came on red and then blue, and all of my content on my desktop came up missing except the regular stuff. It appears that the desktop has been wiped clean. However, I clicked Run just to see if some of my old files were on the computer, and some of them were. I pretty much did a search for winlogon on my computer and I did find it. I'm not sure if that was the cause, but I pretty much did what you instructed this young lady to do. I noticed a cloaker executable file after I ran the HijackThis program. Here is the log.
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 3:26:50 PM, on 6/25/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16850)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
      C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE
      c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE
      C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Panda Security\Panda Internet Security 2009\psimreal.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
      O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
      O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
      O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
      O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1199257270968
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
      O23 - Service: Google Update Service (gupdate1c9df0bc8ebfaf4) (gupdate1c9df0bc8ebfaf4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
      O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
      O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
      O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
      O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
      O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

      --
      End of file - 11080 bytes

      I deleted the cloaker executable after I did research on the file. I did a restart; however, my desktop still looks the same and none of my old content has been restored.