My Anti Spyware

by **12056** » Wed Apr 13, 2011 12:05 am

Please download and run RKill.
Once downloaded, Run it.
A black box will open and when it is finished a log will be produced...

Please post the RKill log file for review!

by **rickrogers** » Wed Apr 13, 2011 5:29 pm

rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 13/04/2011 at 18:25:53.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 13/04/2011 at 18:26:16.

by **12056** » Thu Apr 14, 2011 2:44 pm

Logs look ok, how's your computer?

by **rickrogers** » Fri Apr 15, 2011 5:54 pm

Still a no-go on the internet front. Won't even open the start page (Goolge) and gets re-directed when navigating. Can get some sites by writing adress into address bar.
Oh, and the updates or windows, antivirus, etc won't work (they get so far, then don't think they're connected)
R

by **12056** » Fri Apr 15, 2011 10:36 pm

Please download OTL from here.
Save it to your desktop.
Double-Click the

Icon.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Then, Click the "Run Scan" button.

Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

by **rickrogers** » Sun Apr 17, 2011 11:21 am

Log files.
Thnaks for your contined support.
R

OTL logfile created on: 17/04/2011 12:16:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 581.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.51 Gb Total Space | 216.10 Gb Free Space | 95.83% Space Free | Partition Type: NTFS
Drive D: | 7.35 Gb Total Space | 1.73 Gb Free Space | 23.60% Space Free | Partition Type: FAT32
Drive F: | 1.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROGERSHOME | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/17 11:59:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2006/11/18 03:52:10 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2005/08/09 05:10:20 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2005/08/09 05:10:18 | 000,016,384 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/08/09 05:04:42 | 000,699,392 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2005/08/03 00:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/07/11 19:34:06 | 000,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005/06/17 02:25:28 | 000,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005/05/11 08:50:42 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2005/03/30 08:03:26 | 000,083,584 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\ISSVC.exe
PRC - [2005/03/24 22:20:34 | 000,127,088 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
PRC - [2005/03/05 00:41:08 | 000,161,392 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/03/05 00:41:04 | 000,239,216 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2005/03/05 00:41:00 | 000,185,968 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/03/05 00:40:58 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/02/26 03:33:30 | 000,206,552 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2004/11/03 00:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/18 09:00:00 | 000,213,390 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

========== Modules (SafeList) ==========

MOD - [2011/04/17 11:59:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2005/08/09 05:10:16 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2005/03/11 23:39:34 | 000,198,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll
MOD - [2004/08/11 02:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2005/03/30 08:03:26 | 000,083,584 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)
SRV - [2005/03/24 22:20:34 | 000,127,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - [2005/03/05 00:41:08 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/03/05 00:41:08 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/03/05 00:41:04 | 000,239,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/03/05 00:41:00 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/02/26 03:45:26 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/02/26 03:33:30 | 000,206,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/02/18 03:01:58 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - [2004/11/03 00:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/09/29 20:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\HP_Administrator\Local Settings\Temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2005/09/28 09:44:33 | 002,777,472 | ---- | M] (ASUSTek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005/08/10 13:35:00 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/08/09 04:54:36 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/08/09 04:54:34 | 000,439,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/08/09 04:54:28 | 001,093,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/08/09 04:54:20 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/08/09 04:54:16 | 000,142,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/08/09 04:54:16 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/08/09 04:54:12 | 000,501,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/14 08:18:48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/06/29 07:43:40 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/06/20 09:00:00 | 000,632,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050620.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2005/06/20 09:00:00 | 000,073,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050620.007\NAVENG.SYS -- (NAVENG)
DRV - [2005/03/07 23:57:38 | 000,123,208 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/03/05 02:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/03/04 02:58:40 | 000,293,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20050303.027\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2005/02/26 03:45:26 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/26 03:32:52 | 000,268,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/02/26 03:32:48 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/02/26 03:32:46 | 000,036,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2005/02/26 03:32:44 | 000,047,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2005/02/26 03:32:42 | 000,173,176 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2005/02/26 03:32:40 | 000,011,544 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005/02/05 04:14:32 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/05 04:14:30 | 000,324,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/01/07 08:08:46 | 000,449,920 | ---- | M] (Liteon Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wn5401.sys -- (WN5401)
DRV - [2004/08/04 12:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 07:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:///google.co.uk
IE - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2011/04/10 11:19:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-205719259-3630763428-3528347532-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\xigvlkpk\cdvhpbso.exe) - C:\Program Files\xigvlkpk\cdvhpbso.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/12/07 08:51:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/06/21 13:55:22 | 000,806,912 | R--- | M] (Ion Storm) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003/10/10 11:52:58 | 000,000,052 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/17 12:03:12 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/04/15 19:00:33 | 000,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2011/04/15 19:00:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/04/15 18:56:14 | 012,399,552 | ---- | C] (Mozilla) -- C:\Documents and Settings\HP_Administrator\Desktop\Firefox Setup 4.0.exe
[2011/04/15 18:51:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\UserData
[2011/04/13 18:29:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/12 20:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2011/04/12 20:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/11 20:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Adobe
[2011/04/11 20:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
[2011/04/11 20:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\xigvlkpk
[2011/04/11 20:18:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/04/10 11:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Macromedia
[2011/04/10 11:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\HPQ
[2011/04/10 11:23:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/07 19:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2011/04/06 13:50:14 | 000,733,626 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/04/06 13:50:12 | 000,613,884 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2011/04/06 13:50:10 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/04/04 19:12:19 | 000,164,199 | ---- | C] (Whole Tomato Software, Inc.) -- C:\WINDOWS\System32\notepadmgr.exe
[2011/04/04 18:09:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/04 18:09:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/04 18:09:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/04 18:09:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/04 18:09:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/04 18:08:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/03 18:01:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/04/03 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/03 18:01:03 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2011/03/28 03:54:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386
[2011/03/28 03:48:29 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/03/28 03:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop\User's Guides
[2011/03/28 03:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/03/28 03:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/03/28 03:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/03/28 03:48:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/03/28 03:48:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/03/28 03:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/03/28 03:48:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/03/28 03:48:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/03/28 03:47:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/03/28 03:47:07 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/03/28 03:47:04 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/03/28 03:46:31 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/03/27 21:15:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
[2011/03/27 21:15:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator\Cookies
[2011/03/27 21:15:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\SendTo
[2011/03/27 21:15:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Application Data
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Pictures
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Music
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\My Documents
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Favorites
[2011/03/27 21:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Accessories
[2011/03/27 21:15:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Templates
[2011/03/27 21:15:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\PrintHood
[2011/03/27 21:15:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\NetHood
[2011/03/27 21:15:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Real
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Online Services
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Identities
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Creative
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Apple Computer
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
[2011/03/27 21:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2011/03/27 21:13:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/27 21:11:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/03/27 20:18:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/27 20:18:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/03/27 20:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/03/27 20:18:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2006/11/18 04:04:13 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/11/18 04:04:13 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE

========== Files - Modified Within 30 Days ==========

[2011/04/17 12:15:20 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/04/17 11:59:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/04/15 19:22:29 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000004-00001102-00000005-00241102}.rfx
[2011/04/15 19:22:29 | 000,054,780 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000004-00001102-00000005-00241102}.rfx
[2011/04/15 19:22:29 | 000,054,780 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000004-00001102-00000005-00241102}.rfx
[2011/04/15 19:22:29 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/15 19:22:29 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/15 19:00:33 | 000,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2011/04/15 18:56:15 | 012,399,552 | ---- | M] (Mozilla) -- C:\Documents and Settings\HP_Administrator\Desktop\Firefox Setup 4.0.exe
[2011/04/13 18:34:28 | 000,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/04/13 18:34:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/13 18:34:07 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 18:23:08 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.com
[2011/04/12 20:24:28 | 014,494,128 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SAS_82757901.COM
[2011/04/12 20:24:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/11 19:57:14 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\avenger.zip
[2011/04/10 11:32:12 | 000,002,849 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Help and Support.lnk
[2011/04/10 11:19:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/10 11:12:49 | 004,317,630 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/04/06 13:34:34 | 000,733,626 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2011/04/06 13:34:12 | 000,613,884 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
[2011/04/06 13:34:06 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.exe
[2011/04/05 17:28:18 | 000,164,199 | ---- | M] (Whole Tomato Software, Inc.) -- C:\WINDOWS\System32\notepadmgr.exe
[2011/04/03 18:01:18 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2011/04/02 08:36:56 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2011/04/01 19:27:17 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/27 21:17:32 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/27 21:17:26 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/03/27 21:17:20 | 000,001,917 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EJ151AA-ABU m7281.uk_YC_0Pavi_QCZB546_E54GBemMPC3_48_IPuffer2_SASUSTeK Computer INC._V1.xx_B3.26_T050930_WXP2_L409_M1024_J250_7Intel_8Pentium 4_93.2_#080225_N10EC8139_Z_G10025B62.MRK
[2011/03/27 21:17:09 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/03/27 21:14:43 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/27 21:14:20 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2011/03/27 20:24:08 | 000,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
[2011/03/27 20:20:00 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 20:20:00 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/27 20:18:34 | 000,000,281 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/04/13 18:25:42 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\rkill.com
[2011/04/12 20:21:54 | 014,494,128 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SAS_82757901.COM
[2011/04/11 19:57:06 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\avenger.zip
[2011/04/10 11:12:35 | 004,317,630 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2011/04/04 18:09:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/04 18:09:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/04 18:09:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/04 18:09:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/04 18:09:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/03 18:01:18 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2011/03/28 03:55:53 | 000,000,247 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/03/27 21:17:17 | 000,001,917 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_EJ151AA-ABU m7281.uk_YC_0Pavi_QCZB546_E54GBemMPC3_48_IPuffer2_SASUSTeK Computer INC._V1.xx_B3.26_T050930_WXP2_L409_M1024_J250_7Intel_8Pentium 4_93.2_#080225_N10EC8139_Z_G10025B62.MRK
[2011/03/27 21:17:16 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/27 21:17:08 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2011/03/27 21:15:42 | 000,002,849 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Help and Support.lnk
[2011/03/27 21:15:42 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/27 21:15:42 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/03/27 21:15:42 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2011/03/27 21:15:42 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/27 21:15:42 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/03/27 21:15:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/03/27 21:15:41 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2011/03/27 21:15:39 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/03/27 21:15:39 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/03/27 21:15:39 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/03/27 21:15:39 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Outlook Express.lnk
[2011/03/27 21:14:30 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/27 21:14:30 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/03/27 21:14:30 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Software Repair Wizard.lnk
[2011/03/27 20:24:08 | 000,000,570 | ---- | C] () -- C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
[2011/03/27 20:18:33 | 000,000,211 | RHS- | C] () -- C:\BOOT.BAK
[2011/03/27 20:18:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2006/11/18 05:05:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/18 04:45:48 | 000,017,156 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/11/18 04:45:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/11/18 04:40:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/11/18 04:40:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/11/18 04:40:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/11/18 04:40:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/11/18 04:40:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/11/18 04:40:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/11/18 04:37:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/18 04:31:26 | 000,112,870 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2006/11/18 04:31:26 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/11/18 04:25:44 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/11/18 04:25:44 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/11/18 04:23:29 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/11/18 04:23:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/11/18 04:22:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/18 04:09:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006/11/18 04:07:03 | 000,046,622 | ---- | C] () -- C:\WINDOWS\System32\hpxfi32.ini
[2006/11/18 04:07:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/11/18 04:07:03 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/11/18 04:04:14 | 000,366,041 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2006/11/18 04:04:14 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2006/11/18 04:04:14 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/11/18 04:04:14 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/11/18 04:04:14 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/11/18 04:04:14 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/11/18 04:04:14 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2006/11/18 04:04:13 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/11/18 04:04:13 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/11/18 04:04:13 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/11/18 04:04:13 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/11/18 04:01:04 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/11/18 03:49:13 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/18 02:57:50 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/11/18 02:57:35 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/11/18 02:57:35 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/11/18 02:57:31 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/11/18 02:57:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/11/18 02:57:19 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/11/18 02:56:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/11/18 02:56:51 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/11/18 02:56:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/11/18 02:56:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/11/18 02:55:44 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/10/07 02:51:42 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/10/07 02:51:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/10/07 02:51:25 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/22 00:47:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/05/10 00:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2004/12/07 09:02:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/12/07 08:57:04 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/12/07 08:57:04 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/12/07 08:54:50 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/12/07 08:50:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/07 08:46:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/09 11:37:36 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

OTL Extras logfile created on: 17/04/2011 12:16:55 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 581.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.51 Gb Total Space | 216.10 Gb Free Space | 95.83% Space Free | Partition Type: NTFS
Drive D: | 7.35 Gb Total Space | 1.73 Gb Free Space | 23.60% Space Free | Partition Type: FAT32
Drive F: | 1.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROGERSHOME | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FIREWALLDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{523E6F2A-2D59-4D91-90E8-6C49931C9F50}" = iTunes
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5677563D-0CB1-485f-9E18-C5025306BB3F}" = Norton AntiSpam
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{69CF01AD-9E35-4BD7-9036-7B8478BEB839}" = HPTunesAddIn
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D54193B7-D2DF-4977-B546-86CA48DB214E}" = HP Tunes
"{D8F6834B-D5E7-4451-8681-B051ABD8561D}" = ccCommon
"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" = CC_ccProxyExt
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FC08587A-4F01-4188-819F-F55880022917}" = ccPxyCore
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"InstallShield_{523E6F2A-2D59-4D91-90E8-6C49931C9F50}" = iTunes
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2005 (Symantec Corporation)
"Windows Media Format Runtime" = Windows Media Format Runtime

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/04/2011 15:03:05 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 10/04/2011 06:08:48 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 10/04/2011 06:19:25 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 11/04/2011 15:01:18 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 11/04/2011 15:18:38 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 11/04/2011 15:20:55 | Computer Name = ROGERSHOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x05794a80.

Error - 11/04/2011 15:20:59 | Computer Name = ROGERSHOME | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/04/2011 15:24:16 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 12/04/2011 15:50:01 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

Error - 13/04/2011 13:34:21 | Computer Name = ROGERSHOME | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0x80040265) 713x BDA Analog TV Tuner

[ System Events ]
Error - 10/04/2011 06:10:12 | Computer Name = ROGERSHOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/04/2011 06:20:31 | Computer Name = ROGERSHOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HELEN-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{76B7F68F-F8A1-4608-. The master browser is stopping or an election
is being forced.

Error - 11/04/2011 15:18:44 | Computer Name = ROGERSHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde ViaIde

Error - 12/04/2011 15:25:41 | Computer Name = ROGERSHOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 12/04/2011 15:27:45 | Computer Name = ROGERSHOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HELEN-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{76B7F68F-F8A1-4608-. The master browser is stopping or an election
is being forced.

Error - 12/04/2011 15:51:45 | Computer Name = ROGERSHOME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
HELEN-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{76B7F68F-F8A1-4608-. The master browser is stopping or an election
is being forced.

Error - 13/04/2011 13:17:19 | Computer Name = ROGERSHOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ehRecvr service.

Error - 15/04/2011 13:50:40 | Computer Name = ROGERSHOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ehRecvr service.

Error - 15/04/2011 14:01:43 | Computer Name = ROGERSHOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 17/04/2011 06:58:50 | Computer Name = ROGERSHOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ehRecvr service.

< End of report >

by **12056** » Sun Apr 17, 2011 9:02 pm

Please delete the version of Combofix you have on your Desktop, and download the new version:

Please download ComboFix from here.
Close your browser, and Double-Click on the tiger icon.
Let ComboFix run unhindered, mouse clicks may cause it to stall.
Your computer may restart, after the scan, this is normal.

Please post the ComboFix log, it will appear after the restart.

by **rickrogers** » Mon May 02, 2011 2:27 pm

Been away...here's the log.R

ComboFix 11-05-01.04 - HP_Administrator 02/05/2011 15:20:16.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.605 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-02 to 2011-05-02 )))))))))))))))))))))))))))))))
.
.
2011-05-02 13:55 . 2011-05-02 13:55 -------- d-----w- c:\windows\system32\LogFiles
2011-04-15 18:00 . 2011-04-15 18:00 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-04-15 18:00 . 2011-04-15 18:00 -------- d-sh--w- c:\windows\ftpcache
2011-04-15 17:51 . 2011-04-15 17:51 -------- d-s---w- c:\documents and settings\HP_Administrator\UserData
2011-04-12 19:27 . 2011-04-12 19:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-04-12 19:27 . 2011-04-12 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-11 19:20 . 2011-04-11 19:20 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Adobe
2011-04-11 19:18 . 2011-04-11 19:18 -------- d-----w- c:\program files\xigvlkpk
2011-04-10 10:32 . 2011-04-10 10:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ
2011-04-07 18:55 . 2011-04-07 18:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec
2011-04-04 18:12 . 2011-04-05 16:28 164199 ----a-w- c:\windows\system32\notepadmgr.exe
2011-04-03 17:01 . 2011-04-03 17:01 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2006-11-18 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 213390]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-09 18944]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 217445]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-05-05 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 48752]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 217617]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-18 266695]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/11/2006 04:09 2777472]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [18/11/2006 04:09 449920]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 21:21]
.
2011-05-02 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-11-18 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp:///google.co.uk
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-02 15:23
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe 164199 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-02 15:24:49
ComboFix-quarantined-files.txt 2011-05-02 14:24
ComboFix2.txt 2011-04-07 19:08
ComboFix3.txt 2011-04-07 18:32
ComboFix4.txt 2011-04-05 16:16
ComboFix5.txt 2011-04-10 10:13
.
Pre-Run: 231,996,055,552 bytes free
Post-Run: 232,113,238,016 bytes free
.
- - End Of File - - 303BC51822EFECAEF51E84E3C593C89D

by **12056** » Mon May 02, 2011 11:19 pm

Please open Notepad
Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: Select all: KillAll:: Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] Folder:: c:\program files\xigvlkpk File:: c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe Reboot::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt

by **rickrogers** » Tue May 03, 2011 8:00 pm

As directed. PC seems the same...

ComboFix 11-05-03.02 - HP_Administrator 03/05/2011 20:49:22.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.568 [GMT 1:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
AV: Norton Internet Security *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe
c:\program files\Internet Explorer\IEXPLOREmgr.exe
c:\program files\xigvlkpk
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 19:53 . 2011-05-03 19:53 -------- d-----w- c:\program files\xigvlkpk
2011-05-02 13:55 . 2011-05-02 13:55 -------- d-----w- c:\windows\system32\LogFiles
2011-04-15 18:00 . 2011-04-15 18:00 917504 ----a-w- c:\windows\system32\FLASH.OCX
2011-04-15 18:00 . 2011-04-15 18:00 -------- d-sh--w- c:\windows\ftpcache
2011-04-15 17:51 . 2011-04-15 17:51 -------- d-s---w- c:\documents and settings\HP_Administrator\UserData
2011-04-12 19:27 . 2011-04-12 19:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-04-12 19:27 . 2011-04-12 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-11 19:20 . 2011-04-11 19:20 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Adobe
2011-04-10 10:32 . 2011-04-10 10:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ
2011-04-07 18:55 . 2011-04-07 18:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Symantec
2011-04-04 18:12 . 2011-04-05 16:28 164199 ----a-w- c:\windows\system32\notepadmgr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2006-11-18 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 213390]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-17 49152]
"CTHelper"="CTHELPER.EXE" [2005-08-09 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-09 18944]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 217445]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-18 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-05-05 278528]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-04 48752]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 217617]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-18 266695]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\xigvlkpk\cdvhpbso.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18/11/2006 04:09 2777472]
R3 WN5401;Liteon Wireless LAN PCI 802.11 a/b/g adapter WN5401A;c:\windows\system32\drivers\wn5401.sys [18/11/2006 04:09 449920]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 21:21]
.
2011-05-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-11-18 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp:///google.co.uk
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-03 20:53
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe 164199 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\arservice.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-05-03 20:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-03 19:55
ComboFix2.txt 2011-05-02 14:24
ComboFix3.txt 2011-04-07 19:08
ComboFix4.txt 2011-04-07 18:32
ComboFix5.txt 2011-05-03 19:48
.
Pre-Run: 232,017,965,056 bytes free
Post-Run: 232,012,247,040 bytes free
.
- - End Of File - - CAC5F704F9046B8B7ED69F63C0A95877

by **12056** » Tue May 03, 2011 10:45 pm

It appears combofix is having a hard time removing the rootkit...

Download "The Avenger" from here.

In the box, copy and paste:

Code: Select all: Folders to delete: c:\program files\xigvlkpk Files to delete: c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe

And Run the Script.
A log file will be produced, please post the log file, to ensure removal.

by **rickrogers** » Wed May 04, 2011 5:00 pm

Says it's deleted files and not found rootkit, but PC still the same (again!)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\program files\xigvlkpk" deleted successfully.
File "c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\cdvhpbso.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

by **12056** » Wed May 04, 2011 7:17 pm

Good, "The Avenger" was able to successfully unhook those files!

Update and Scan with SuperAntiSpyware, they just released a definition update for a problem similar to yours!

by **rickrogers** » Thu May 05, 2011 10:37 am

Full scan with Super found (& destroyed) trojan.Agent/GenInjector. Re scanned & found nothing more.
However PC still same...

by **12056** » Thu May 05, 2011 10:33 pm

Could you explain how it is "the same", so that I can better assist you... Thanks!

My Anti Spyware

exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Re: exploit.win32 removal

Who is online