Computer taken over ?


davidf (thread starter)
Member with 109 posts. Join Date: May 2005. Experience: Beginner
27-Jul-2012, 02:45 PM #1
I noticed lately several emails coming back as non-delivered, indicating my computer was sending emails out to addresses. Not me, my computer (although the address indicating where it came from was not my address; however, it had the correct ending after the @ symbol). For instance, my email is abc@xyz.net. The non-delivered email came from def@xyz.net.

Also, my computer is really running slowly.

I think I may be infected.

Enclosed are the hijack file, the DDS file, and the attach file. When I tried to scan using GMER it ran for 2 hours and then froze, so I can't get that one. Hope you can explain how to do this better.

Thank you for your assistance,

Dave




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:28:32 AM, on 7/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\wspan\swgw\FilterAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.wspan.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60288
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Worldspan Go!
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\wspan\GoRes\IEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.worldspan.com
O15 - Trusted Zone: http://*.worldspan.com
O15 - Trusted Zone: *.wspan.com
O15 - Trusted Zone: http://*.wspan.com
O16 - DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} (WSEmul Control) - https://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} (Calendar Control 8.0) - https://gopublic.wspan.com/Secure/DLLs/mscal.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - https://gopublic.wspan.com/Secure/DLLs/Comdlg32.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--
End of file - 8523 bytes



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 8:34:23 on 2012-07-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.74 [GMT -5:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\wspan\swgw\FilterAgent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://home.wspan.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60288
uStart Page = hxxp://google.com/
uWindow Title = Microsoft Internet Explorer provided by Worldspan Go!
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\wspan\gores\IEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [srmclean] c:\cpqs\scom\srmclean.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\worlds~1.lnk - c:\wspan\swgw\FilterAgent.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
Trusted Zone: arccorp.com\myarc
Trusted Zone: hobbittravel.net\mail
Trusted Zone: lcbahoops.org\www
Trusted Zone: worldspan.com
Trusted Zone: wspan.com
Trusted Zone: wspan.com\gopublic
DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} - hxxps://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8E27C92B-1264-101C-8A2F-040224009C02} - hxxps://gopublic.wspan.com/Secure/DLLs/mscal.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - hxxps://gopublic.wspan.com/Secure/DLLs/Comdlg32.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F0B7580F-742D-4CC3-8C0F-3F014E729893} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-25 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-23 136176]
.
=============== Created Last 30 ================
.
2012-07-25 18:45:50 -------- d-----w- c:\windows\system32\NtmsData
2012-07-25 15:14:22 -------- d-----w- c:\windows\system32\cache
2012-07-24 16:40:01 -------- d-----w- c:\documents and settings\administrator\application data\AVG
2012-07-24 15:05:51 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
2012-07-24 14:59:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG Secure Search
2012-07-24 14:59:04 -------- d-----w- c:\documents and settings\administrator\application data\AVG Secure Search
2012-07-24 14:58:58 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-07-24 14:58:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-24 14:58:47 -------- d-----w- c:\program files\AVG Secure Search
2012-07-24 14:52:14 -------- d--h--w- C:\$AVG
2012-07-24 14:52:12 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-24 14:52:12 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-07-24 14:49:16 -------- d-----w- c:\program files\AVG
2012-07-24 14:46:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2012-07-17 16:13:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 16:13:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 13:03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-18 13:03:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 13:03:30 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 8:36:16.18 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/23/2009 4:21:45 PM
System Uptime: 7/26/2012 9:29:22 AM (23 hours ago)
.
Motherboard: Hewlett-Packard | | 085Ch
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | XU1 PROCESSOR | 2394/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 22.389 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP884: 6/6/2012 3:21:20 AM - System Checkpoint
RP885: 6/7/2012 5:21:21 AM - System Checkpoint
RP886: 6/8/2012 7:21:20 AM - System Checkpoint
RP887: 6/9/2012 9:21:20 AM - System Checkpoint
RP888: 6/10/2012 11:21:17 AM - System Checkpoint
RP889: 6/11/2012 11:55:44 AM - System Checkpoint
RP890: 6/12/2012 12:01:34 PM - System Checkpoint
RP891: 6/13/2012 3:00:18 AM - Software Distribution Service 3.0
RP892: 6/14/2012 3:44:49 AM - System Checkpoint
RP893: 6/15/2012 3:49:18 AM - System Checkpoint
RP894: 6/16/2012 5:49:18 AM - System Checkpoint
RP895: 6/17/2012 7:49:18 AM - System Checkpoint
RP896: 6/18/2012 8:02:29 AM - Removed Java(TM) 6 Update 31
RP897: 6/18/2012 8:03:08 AM - Installed Java(TM) 6 Update 33
RP898: 6/19/2012 10:57:59 AM - System Checkpoint
RP899: 6/20/2012 3:46:34 PM - System Checkpoint
RP900: 6/21/2012 6:36:02 PM - System Checkpoint
RP901: 6/22/2012 6:43:44 PM - System Checkpoint
RP902: 6/23/2012 8:42:38 PM - System Checkpoint
RP903: 6/24/2012 10:42:35 PM - System Checkpoint
RP904: 6/26/2012 12:41:52 AM - System Checkpoint
RP905: 6/27/2012 2:41:49 AM - System Checkpoint
RP906: 6/28/2012 7:35:53 AM - System Checkpoint
RP907: 6/29/2012 11:07:43 AM - System Checkpoint
RP908: 6/30/2012 11:24:29 AM - System Checkpoint
RP909: 7/1/2012 1:24:25 PM - System Checkpoint
RP910: 7/2/2012 6:33:05 PM - System Checkpoint
RP911: 7/3/2012 7:24:42 PM - System Checkpoint
RP912: 7/4/2012 9:24:38 PM - System Checkpoint
RP913: 7/5/2012 10:45:34 AM - Software Distribution Service 3.0
RP914: 7/5/2012 10:54:11 AM - Software Distribution Service 3.0
RP915: 7/5/2012 11:00:45 AM - Software Distribution Service 3.0
RP916: 7/5/2012 11:34:40 AM - Software Distribution Service 3.0
RP917: 7/6/2012 1:00:28 AM - Software Distribution Service 3.0
RP918: 7/6/2012 11:46:02 AM - Software Distribution Service 3.0
RP919: 7/7/2012 11:44:35 AM - Software Distribution Service 3.0
RP920: 7/8/2012 11:44:33 AM - Software Distribution Service 3.0
RP921: 7/9/2012 11:47:45 AM - Software Distribution Service 3.0
RP922: 7/10/2012 11:45:42 AM - Software Distribution Service 3.0
RP923: 7/11/2012 3:00:22 AM - Software Distribution Service 3.0
RP924: 7/11/2012 3:36:54 AM - Software Distribution Service 3.0
RP925: 7/12/2012 3:00:22 AM - Software Distribution Service 3.0
RP926: 7/12/2012 3:37:07 AM - Software Distribution Service 3.0
RP927: 7/13/2012 1:09:31 AM - Software Distribution Service 3.0
RP928: 7/14/2012 1:26:16 AM - System Checkpoint
RP929: 7/14/2012 3:36:18 AM - Software Distribution Service 3.0
RP930: 7/15/2012 3:36:34 AM - Software Distribution Service 3.0
RP931: 7/16/2012 3:36:35 AM - Software Distribution Service 3.0
RP932: 7/17/2012 3:37:48 AM - Software Distribution Service 3.0
RP933: 7/17/2012 11:23:08 AM - Software Distribution Service 3.0
RP934: 7/18/2012 11:22:10 AM - Software Distribution Service 3.0
RP935: 7/19/2012 11:25:17 AM - Software Distribution Service 3.0
RP936: 7/20/2012 1:12:44 AM - Software Distribution Service 3.0
RP937: 7/20/2012 11:22:54 AM - Software Distribution Service 3.0
RP938: 7/21/2012 11:24:41 AM - Software Distribution Service 3.0
RP939: 7/22/2012 11:21:46 AM - Software Distribution Service 3.0
RP940: 7/23/2012 9:11:57 AM - Software Distribution Service 3.0
RP941: 7/23/2012 5:24:02 PM - Software Distribution Service 3.0
RP942: 7/24/2012 9:28:13 AM - Software Distribution Service 3.0
RP943: 7/24/2012 9:49:13 AM - Installed AVG 2012
RP944: 7/24/2012 9:50:51 AM - Installed AVG 2012
RP945: 7/25/2012 11:38:03 AM - System Checkpoint
RP946: 7/26/2012 4:36:02 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.4
Adobe Reader X (10.1.3)
AVG 2012
Broadcom Management Programs
Free PDF to Word Doc Converter v1.1
GO! Res
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Product Detection
Intel(R) Extreme Graphics Driver
Java 2 Runtime Environment, SE v1.4.2_01
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 33
Java(TM) 6 Update 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.3
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Software Setup
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
WebFldrs XP
Windows Internet Explorer 7
Windows XP Service Pack 3
Worldspan API
.
==== Event Viewer Messages From Past Week ========
.
7/24/2012 9:30:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.574.0).
7/23/2012 9:13:57 AM, error: Microsoft Antimalware [2001] -
7/23/2012 9:13:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.485.0).
7/23/2012 5:25:30 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.513.0).
7/22/2012 11:22:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.434.0).
7/21/2012 11:25:56 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.405.0).
7/20/2012 11:24:50 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.337.0).
7/20/2012 1:15:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.307.0).
.
==== End Of File ===========================
davidf (thread starter)
Member with 109 posts. Join Date: May 2005. Experience: Beginner
30-Jul-2012, 10:03 AM #2
Hi Guys! I wonder if someone might look at this problem for me? It was originally posted on July 27th but maybe it got missed?

Thank you again
Cookiegal
Administrator & Malware Removal Specialist with 97,004 posts. Join Date: Aug 2003
31-Jul-2012, 04:47 PM #3
Because you don't have all the necessary updates (or the uninstallers have been deleted by a registry cleaner), we need to verify that the system is genuine, so please do the following.

Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


Also please do this:

Please download WVCheck and save it to your desktop.
  • Double click WVCheck.exe to run it. (If you downloaded the zipped version you will need to extract it first.)
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.
__________________
Microsoft MVP - Consumer Security
davidf (thread starter)
Member with 109 posts. Join Date: May 2005. Experience: Beginner
31-Jul-2012, 05:51 PM #4
Quote (originally posted by davidf):
Hi Guys! I wonder if someone might look at this problem for me? It was originally posted on July 27th but maybe it got missed?

Thank you again
Hi There

Thank you for helping me

The MGADiag said it was genuine, but when I pressed copy it did not make a Notepad copy.

Here is the other one

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1610_31-07-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-07-31 04:06:14
Last Success Time for Update Download: 2012-07-11 23:11:31
Last Success Time for Update Installation: 2012-07-12 08:03:03


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


-------- End of File, program close at 1634_31-07-2012 --------


Thank you again ----- Dave
Cookiegal (Administrator & Malware Removal Specialist)
31-Jul-2012, 06:03 PM #5
We will need to see the MGA Diagnostic report. When you click on copy, you won't see anything happen. It doesn't automatically go to Notepad. You have to open Notepad and then "paste" the log there.
davidf (thread starter)
31-Jul-2012, 06:21 PM #6
SORRY !!!

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-2MDY9-F6J9M-K42BQ
Windows Product Key Hash: jY+nlE0RT38EEXpeUqSdQPABSQc=
Windows Product ID: 76487-OEM-2211906-00101
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {D1699E17-18B0-4B84-B23D-BF7B7170CED3}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.42.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Prompt
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Prompt
Allow scripting of Internet Explorer Webbrowser control: Allowed
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D1699E17-18B0-4B84-B23D-BF7B7170CED3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-K42BQ</PKey><PID>76487-OEM-2211906-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-501490370-2008134318-2151013042</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP d530 SFF(DC578AV)</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786B2 v1.11</Version><SMBIOSVersion major="2" minor="3"/><Date>20030710000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>48B33FE701848043</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>HP d530 SFF(DC578AV)</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 5E4A:Compaq Computer Corporation|15C61:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|F2AB:Compaq Computer Corporation|10EAB:Compaq Computer Corporation|10EAB:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|F2AB:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

OEM Activation 2.0 Data-->
N/A
Cookiegal (Administrator & Malware Removal Specialist)
31-Jul-2012, 06:36 PM #7
Have you run some sort of registry cleaner? This is not recommended but is generally what removes the updates from the list.
davidf (thread starter)
01-Aug-2012, 11:24 AM #8
When I installed the AVG program they had a cleaner program - it may have made changes that I am not clear on

Dave
Cookiegal (Administrator & Malware Removal Specialist)
01-Aug-2012, 02:54 PM #9
That's probably what did it then.

Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
davidf (thread starter)
02-Aug-2012, 04:46 PM #10
ComboFix 12-07-31.03 - Administrator 08/02/2012 8:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.45 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\msssc.dll
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-01 20:34 . 2012-08-01 20:34 -------- d-----w- c:\program files\7-Zip
2012-07-31 21:04 . 2012-07-31 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-07-27 18:06 . 2012-07-27 18:06 -------- d-----w- C:\found.000
2012-07-25 18:45 . 2012-07-25 18:50 -------- d-----w- c:\windows\system32\NtmsData
2012-07-24 14:46 . 2012-08-01 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 14:51 . 2012-04-20 18:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 14:51 . 2011-06-17 13:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-18 13:03 . 2010-05-10 22:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-06-18 13:03 . 2012-06-18 13:03 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-18 13:03 . 2010-05-10 22:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2004-08-04 06:17 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 07:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 22:35 . 2011-08-23 18:18 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-04 07:56 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2004-08-04 07:56 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2004-08-04 07:56 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2004-08-04 07:56 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2004-08-04 07:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2004-08-04 07:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2004-08-04 07:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2004-08-04 07:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-08-23 18:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2011-08-23 18:18 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 17:25 . 2011-08-22 15:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Worldspan Filter Agent.lnk - c:\wspan\swgw\FilterAgent.exe [2009-10-9 127044]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2012 5:30 PM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 1:31 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2012 5:30 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 14:51]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-23 22:29]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-23 22:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
Trusted Zone: arccorp.com\myarc
Trusted Zone: hobbittravel.net\mail
Trusted Zone: lcbahoops.org\www
Trusted Zone: worldspan.com
Trusted Zone: wspan.com
Trusted Zone: wspan.com\gopublic
TCP: DhcpNameServer = 192.168.1.1
DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} - hxxps://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,6e,82,d8,bf,96,d6,43,8c,d4,cd, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,6e,82,d8,bf,96,d6,43,8c,d4,cd, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2004)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\DllHost.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-08-02 12:59:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 17:59
.
Pre-Run: 24,821,059,584 bytes free
Post-Run: 24,963,211,264 bytes free
.
- - End Of File - - FFB62BAFA5C6FCE32DD5D0398D5378BB
davidf (thread starter)
02-Aug-2012, 04:54 PM #11
WOW - this is so much faster - did it do something as well as run a scan ?
I was using AVG but maybe that is not a good system for virus protection ?


Dave
davidf (thread starter)
02-Aug-2012, 05:50 PM #12
Just thought of something - I did have to uninstall AVG as the scan warned it could be damaging if it was scanning and AVG was on the system. So now I have no protection. Do you recommend anything in particular ? Is that maybe why this is soooo much faster - because AVG was slowing it down ?
Cookiegal (Administrator & Malware Removal Specialist)
02-Aug-2012, 07:36 PM #13
ComboFix removed some infection which probably had an effect. Yes, you should install an anti-virus program. I'd suggest installing Microsoft Security Essentials:

http://windows.microsoft.com/en-US/w...ity-essentials

Download OTS.exe to your Desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Double-click on OTS.exe to start the program.
  4. At the top put a check mark in the box beside "Scan All Users".
  5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
  6. Now click the Run Scan button on the toolbar.
  7. Let it run unhindered until it finishes.
  8. When the scan is complete Notepad will open with the report file loaded in it.
  9. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
davidf (thread starter)
04-Aug-2012, 01:32 PM #14
Code:
OTS logfile created on: 8/4/2012 12:24:30 PM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
247.00 Mb Total Physical Memory | 63.00 Mb Available Physical Memory | 25.00% Memory free
874.00 Mb Paging File | 585.00 Mb Available in Paging File | 67.00% Paging File free
Paging file location(s): C:\pagefile.sys 640 640 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.19 Gb Free Space | 62.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: READ2ATJANSDESK
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:59 | 000,646,656 | ---- | M] (OldTimer Tools)
soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org)
soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org)
filteragent.exe -> C:\wspan\swgw\FilterAgent.exe -> [2009/06/12 03:45:26 | 000,127,044 | ---- | M] (Worldspan L.P.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
libxml2.dll -> C:\Program Files\OpenOffice.org 3\program\libxml2.dll -> [2011/04/22 15:01:24 | 000,985,088 | ---- | M] ()
wsbrowserconfig.dll -> C:\wspan\GoRes\wsbrowserconfig.dll -> [2007/02/14 07:04:42 | 000,426,098 | ---- | M] ()
hpbhealr.dll -> C:\WINDOWS\system32\HPBHEALR.DLL -> [2001/07/31 05:17:12 | 000,094,274 | ---- | M] ()
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/08/02 15:49:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated)
(Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP)
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Running] ->  -> File not found
(iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wVchNTxx.sys -> [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation)
(iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wSiINTxx.sys -> [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation)
(iAimTV5) iAimTV5 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV10nt.sys -> [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation)
(iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wCh7xxNT.sys -> [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation)
(iAimTV6) iAimTV6 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV06nt.sys -> [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation)
(iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV04nt.sys -> [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation)
(iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV02NT.sys -> [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation)
(iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV01nt.sys -> [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation)
(iAimFP7) iAimFP7 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV09NT.sys -> [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation)
(iAimFP5) iAimFP5 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV07nt.sys -> [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation)
(iAimFP6) iAimFP6 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV08NT.sys -> [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation)
(i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\i81xnt5.sys -> [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation)
(iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV01nt.sys -> [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation)
(iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV02NT.sys -> [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation)
(iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV05NT.sys -> [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2003/02/25 11:18:08 | 000,170,880 | ---- | M] (Broadcom Corporation)
(Blfp) Broadcom Advanced Server Program Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\baspxp32.sys -> [2003/02/05 14:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation)
(Symmpi) Symmpi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symmpi.sys -> [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> -> 
HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\: Main\\"Start Page" -> http://google.com/ -> 
HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\: "ProxyEnable" -> 0 -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2012/08/02 12:51:20 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/06/18 08:03:31 | 000,329,480 | ---- | M] (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [Google Toolbar Notifier BHO] -> [2012/05/23 17:30:40 | 001,003,576 | ---- | M] (Google Inc.)
{CE7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> C:\wspan\GoRes\IEHelper.dll [IEHlprObj Class] -> [2007/05/23 15:34:12 | 000,126,976 | ---- | M] (Worldspan L.P.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SetRefresh" -> C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [C:\Program Files\Compaq\SetRefresh\SetRefresh.exe] -> [2002/08/07 11:24:48 | 000,485,376 | ---- | M] (Hewlett-Packard Company)
"srmclean" -> C:\cpqs\scom\srmclean.exe [C:\Cpqs\Scom\srmclean.exe] -> [2001/07/24 16:34:25 | 000,036,864 | ---- | M] ()
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2010/12/13 11:12:08 | 001,198,592 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Worldspan Filter Agent.lnk -> C:\wspan\swgw\FilterAgent.exe -> [2009/06/12 03:45:26 | 000,127,044 | ---- | M] (Worldspan L.P.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7170 domain(s) found. -> 
myarc_arccorp.com [https] -> Trusted sites -> 
mail_hobbittravel.net [https] -> Trusted sites -> 
www_lcbahoops.org [https] -> Trusted sites -> 
worldspan.com .[*] -> Trusted sites -> 
worldspan.com .[http] -> Trusted sites -> 
worldspan.com .[https] -> Trusted sites -> 
wspan.com .[*] -> Trusted sites -> 
wspan.com .[http] -> Trusted sites -> 
wspan.com .[https] -> Trusted sites -> 
gopublic_wspan.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{1671CF85-4FCB-11D1-A068-0004AC77A721} [HKLM] -> https://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB [WSEmul Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} [HKLM] -> http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB [Hewlett-Packard Printer Diagnostics] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343840940312 [MUWebControl Class] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{8E27C92B-1264-101C-8A2F-040224009C02} [HKLM] -> https://gopublic.wspan.com/Secure/DLLs/mscal.cab [Calendar Control 8.0] -> 
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
{F9043C85-F6F2-101A-A3C9-08002B2F49FB} [HKLM] -> https://gopublic.wspan.com/Secure/DLLs/Comdlg32.cab [Microsoft Common Dialog Control, version 5.0 (SP2)] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{F0B7580F-742D-4CC3-8C0F-3F014E729893}\\DhcpNameServer -> 192.168.1.1   (Broadcom NetXtreme Gigabit Ethernet for hp) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/03/11 07:11:06 | 000,315,392 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\WINDOWS\system32\usmt\migwiz.exe" -> C:\WINDOWS\System32\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard] -> [2008/04/13 19:12:25 | 000,245,248 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
HidServ ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 7/24/2012 10:29:40 AM Computer Name = READ2ATJANSDESK | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 7/24/2012 10:31:01 AM Computer Name = READ2ATJANSDESK | Source = MPSampleSubmission | ID = 5000 -> Description = 
Application [ Error ] 7/25/2012 6:40:08 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
Application [ Error ] 7/26/2012 10:26:40 AM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
Application [ Error ] 7/27/2012 4:25:44 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
Application [ Error ] 7/30/2012 2:09:14 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
Application [ Error ] 7/31/2012 3:21:26 PM Computer Name = READ2ATJANSDESK | Source = MsiInstaller | ID = 1013 -> Description = Product: OpenOffice.org 3.4 -- Please exit OpenOffice.org 3.4 and the OpenOffice.org 3.4 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4 open.
Application [ Error ] 8/2/2012 7:03:59 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
Application [ Error ] 8/4/2012 11:54:32 AM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
Application [ Error ] 8/4/2012 1:21:23 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
System [ Error ] 7/27/2012 11:00:47 AM Computer Name = READ2ATJANSDESK | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.
System [ Error ] 7/27/2012 12:48:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
System [ Error ] 7/27/2012 12:51:16 PM Computer Name = READ2ATJANSDESK | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC.  Reference error message: Insufficient system resources exist to complete the requested service.  .
System [ Error ] 7/27/2012 12:51:16 PM Computer Name = READ2ATJANSDESK | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgdiagex.exe.  Reference error message: The operation completed successfully.  .
System [ Error ] 7/27/2012 12:59:06 PM Computer Name = READ2ATJANSDESK | Source = sr | ID = 1 -> Description = The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'work.dat' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
System [ Error ] 7/27/2012 1:00:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
System [ Error ] 7/27/2012 1:12:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
System [ Error ] 7/27/2012 1:24:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
System [ Error ] 7/27/2012 1:36:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
System [ Error ] 7/27/2012 1:48:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:53 | 000,646,656 | ---- | C] (OldTimer Tools)
 cmdcons -> C:\cmdcons -> [2012/08/01 16:27:19 | 000,000,000 | RHSD | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2012/08/01 16:25:11 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2012/08/01 16:25:11 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2012/08/01 16:25:11 | 000,212,480 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2012/08/01 16:25:11 | 000,060,416 | ---- | C] (NirSoft)
 Config.Msi -> C:\Config.Msi -> [2012/08/01 15:57:14 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2012/08/01 15:43:43 | 000,000,000 | ---D | C]
 erdnt -> C:\WINDOWS\erdnt -> [2012/08/01 15:41:15 | 000,000,000 | ---D | C]
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2012/08/01 15:40:30 | 004,722,680 | R--- | C] (Swearware)
 7-Zip -> C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip -> [2012/08/01 15:34:43 | 000,000,000 | ---D | C]
 7-Zip -> C:\Program Files\7-Zip -> [2012/08/01 15:34:42 | 000,000,000 | ---D | C]
 MGADiag.exe -> C:\Documents and Settings\Administrator\Desktop\MGADiag.exe -> [2012/07/31 16:06:52 | 002,031,992 | ---- | C] (Microsoft Corporation)
 Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2012/07/31 16:04:46 | 000,000,000 | ---D | C]
 OpenOffice.org 3.4 (en-US) Installation Files -> C:\Documents and Settings\Administrator\Desktop\OpenOffice.org 3.4 (en-US) Installation Files -> [2012/07/31 13:56:28 | 000,000,000 | ---D | C]
 found.000 -> C:\found.000 -> [2012/07/27 13:06:08 | 000,000,000 | ---D | C]
 Administrative Tools -> C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools -> [2012/07/27 08:32:06 | 000,000,000 | R--D | C]
 dds.com -> C:\Documents and Settings\Administrator\Desktop\dds.com -> [2012/07/27 08:31:23 | 000,607,260 | R--- | C] (Swearware)
 HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2012/07/27 08:26:42 | 000,388,608 | ---- | C] (Trend Micro Inc.)
 Microsoft Works -> C:\Documents and Settings\All Users\Documents\Microsoft Works -> [2012/07/25 13:53:25 | 000,000,000 | ---D | C]
 Backup 25JUL12 -> C:\Documents and Settings\All Users\Documents\Backup 25JUL12 -> [2012/07/25 13:47:39 | 000,000,000 | ---D | C]
 NtmsData -> C:\WINDOWS\System32\NtmsData -> [2012/07/25 13:45:50 | 000,000,000 | ---D | C]
 MFAData -> C:\Documents and Settings\All Users\Application Data\MFAData -> [2012/07/24 09:46:24 | 000,000,000 | ---D | C]
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:59 | 000,646,656 | ---- | M] (OldTimer Tools)
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/08/04 11:49:00 | 000,000,830 | ---- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/08/04 11:45:02 | 000,000,886 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/08/04 00:45:00 | 000,000,882 | ---- | M] ()
 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2012/08/02 15:49:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/08/02 15:49:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/08/02 12:51:20 | 000,000,027 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/08/02 12:51:16 | 000,001,158 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/08/02 11:59:41 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/08/02 11:59:40 | 259,575,808 | -HS- | M] ()
 boot.ini -> C:\boot.ini -> [2012/08/01 16:27:30 | 000,000,327 | RHS- | M] ()
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2012/08/01 15:40:45 | 004,722,680 | R--- | M] (Swearware)
 7zip_RocketFuelInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\7zip_RocketFuelInstaller.exe -> [2012/08/01 15:33:00 | 000,442,864 | ---- | M] ()
 WVCheck.exe -> C:\Documents and Settings\Administrator\Desktop\WVCheck.exe -> [2012/07/31 16:10:22 | 003,514,358 | ---- | M] ()
 MGADiag.exe -> C:\Documents and Settings\Administrator\Desktop\MGADiag.exe -> [2012/07/31 16:07:05 | 002,031,992 | ---- | M] (Microsoft Corporation)
 2002-2012 cks.xlr -> C:\2002-2012 cks.xlr -> [2012/07/30 17:49:54 | 007,131,648 | ---- | M] ()
 gmer 1.0.15.15641 btsl2b1p.exe -> C:\Documents and Settings\Administrator\Desktop\gmer 1.0.15.15641 btsl2b1p.exe -> [2012/07/27 09:20:50 | 000,302,592 | ---- | M] ()
 dds.com -> C:\Documents and Settings\Administrator\Desktop\dds.com -> [2012/07/27 08:32:00 | 000,607,260 | R--- | M] (Swearware)
 HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2012/07/27 08:27:11 | 000,388,608 | ---- | M] (Trend Micro Inc.)
 Berry yellow pages 2012 ad friedmans3[1].pdf -> C:\Documents and Settings\Administrator\My Documents\Berry yellow pages 2012 ad friedmans3[1].pdf -> [2012/07/26 12:07:37 | 000,849,434 | ---- | M] ()
 dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat -> [2012/07/24 10:30:04 | 000,027,520 | ---- | M] ()
 epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2012/07/24 09:42:59 | 000,001,945 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/07/23 08:56:56 | 000,302,824 | ---- | M] ()
 SMSCRMGR.SAV -> C:\WINDOWS\SMSCRMGR.SAV -> [2012/07/23 08:41:21 | 000,000,006 | ---- | M] ()
 Read Clinic acctg 2007-2012.xlr -> C:\Read Clinic acctg 2007-2012.xlr -> [2012/07/18 15:17:07 | 001,338,368 | ---- | M] ()
 READ CLINIC BILLING 2011-2012.wps -> C:\READ CLINIC BILLING 2011-2012.wps -> [2012/07/18 15:15:38 | 000,042,496 | ---- | M] ()
 LCBA Summer League july 17th 2012[modified][1].pdf -> C:\Documents and Settings\Administrator\My Documents\LCBA Summer League july 17th 2012[modified][1].pdf -> [2012/07/17 11:48:06 | 000,043,141 | ---- | M] ()
 BSDLF 2008 - DEC 2014.xlr -> C:\BSDLF 2008 - DEC 2014.xlr -> [2012/07/13 15:33:39 | 000,388,096 | ---- | M] ()
 June 2012.xlr -> C:\June 2012.xlr -> [2012/07/13 15:17:13 | 000,148,992 | ---- | M] ()
 2008-2012  OUTSTANDING CHECKS.xlr -> C:\2008-2012  OUTSTANDING CHECKS.xlr -> [2012/07/13 14:42:24 | 000,085,504 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/07/11 03:03:45 | 000,001,374 | ---- | M] ()
 May 2012.xlr -> C:\May 2012.xlr -> [2012/07/06 17:15:17 | 000,147,968 | ---- | M] ()
 April 2012.xlr -> C:\April 2012.xlr -> [2012/07/06 09:41:38 | 000,160,256 | ---- | M] ()
 March 2012.xlr -> C:\March 2012.xlr -> [2012/07/05 16:50:13 | 000,162,816 | ---- | M] ()
 BSDLF 2005 - DEC 2012.xlr -> C:\BSDLF 2005 - DEC 2012.xlr -> [2012/07/05 15:25:28 | 000,441,344 | ---- | M] ()
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> 
 
[Files - No Company Name]
 Boot.bak -> C:\Boot.bak -> [2012/08/01 16:27:29 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2012/08/01 16:27:21 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2012/08/01 16:25:11 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2012/08/01 16:25:11 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2012/08/01 16:25:11 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2012/08/01 16:25:11 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2012/08/01 16:25:11 | 000,068,096 | ---- | C] ()
 7zip_RocketFuelInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\7zip_RocketFuelInstaller.exe -> [2012/08/01 15:32:44 | 000,442,864 | ---- | C] ()
 WVCheck.exe -> C:\Documents and Settings\Administrator\Desktop\WVCheck.exe -> [2012/07/31 16:10:01 | 003,514,358 | ---- | C] ()
 gmer 1.0.15.15641 btsl2b1p.exe -> C:\Documents and Settings\Administrator\Desktop\gmer 1.0.15.15641 btsl2b1p.exe -> [2012/07/27 09:20:40 | 000,302,592 | ---- | C] ()
 Berry yellow pages 2012 ad friedmans3[1].pdf -> C:\Documents and Settings\Administrator\My Documents\Berry yellow pages 2012 ad friedmans3[1].pdf -> [2012/07/26 12:07:34 | 000,849,434 | ---- | C] ()
 dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat -> [2012/07/24 10:30:04 | 000,027,520 | ---- | C] ()
 SMSCRMGR.SAV -> C:\WINDOWS\SMSCRMGR.SAV -> [2012/07/23 08:41:21 | 000,000,006 | ---- | C] ()
 LCBA Summer League july 17th 2012[modified][1].pdf -> C:\Documents and Settings\Administrator\My Documents\LCBA Summer League july 17th 2012[modified][1].pdf -> [2012/07/17 11:48:02 | 000,043,141 | ---- | C] ()
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/07/17 11:13:47 | 000,000,830 | ---- | C] ()
 June 2012.xlr -> C:\June 2012.xlr -> [2012/07/13 13:48:36 | 000,148,992 | ---- | C] ()
 BSDLF 2008 - DEC 2014.xlr -> C:\BSDLF 2008 - DEC 2014.xlr -> [2012/07/05 15:26:03 | 000,388,096 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/15 11:24:09 | 000,003,072 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/11/01 07:51:43 | 000,003,584 | ---- | C] ()
< End of report >
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 97,004 posts.
 
Join Date: Aug 2003
04-Aug-2012, 09:53 PM #15
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.

Code:
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16]
YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp
[Files - No Company Name]
NY ->  dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
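An added example, not code from this thread, from OTS or from either poster: a small Python triage pass over OTS log lines of the kind posted above, implementing the checks a reviewer makes first on such a log. It tracks the "< Section >" and "*SubKey*" headers, splits each "item -> value -> detail" line, and reports three things: a ZoneMap Domains count above a review threshold, Distribution Units whose entry shows a registry error or whose Java plug-in cab is superseded by a newer one registered on the same machine, and Winlogon Shell/UserInit values that differ from a clean XP install. The 50-domain threshold, the expected Winlogon values, and the second (constructed) UserInit sample are this example's own assumptions; the other sample lines are copied from the log posted in this thread.

```python
# Added example, not part of this thread or of the OTS tool: a parser for the
# "item -> value -> detail" lines OTS prints, applying the checks a reviewer
# makes first on such a log. The domain-count threshold and the "expected"
# Winlogon values below are this example's own assumptions, not OTS rules.
import re

MAX_TRUSTED_DOMAINS = 50  # assumed: more than this in Trusted sites deserves a look
EXPECTED_WINLOGON = {     # assumed clean values for a default Windows XP install
    "Shell": r"c:\windows\explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}
SECTION_RE = re.compile(r"^<\s*(.+?)\s*>")   # "< Downloaded Program Files > -> ..."
SUBKEY_RE = re.compile(r"^\*(.+?)\*\s*->")   # "*UserInit* -> ..." / "*MultiFile Done* -> ->"
DOMAIN_COUNT_RE = re.compile(r"\[Key\]\s+(\d+)\s+domain\(s\) found")
JAVA_VER_RE = re.compile(r"jinstall-(\d+(?:_\d+)*)-windows", re.I)

def parse_ots(text):
    """Yield (section, subkey, [item, value, detail]) per entry line, tracking headers."""
    section, subkey = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subkey = m.group(1), None
            continue
        m = SUBKEY_RE.match(line)
        if m:
            subkey = None if m.group(1) == "MultiFile Done" else m.group(1)
            continue
        fields = re.split(r"\s*->\s*", line)
        yield section, subkey, (fields + ["", "", ""])[:3]

def java_version(url):
    """'jinstall-1_6_0_33-...' -> (1, 6, 0, 33); legacy 'jinstall-142-...' -> (1, 4, 2, 0)."""
    m = JAVA_VER_RE.search(url)
    if not m:
        return None
    v = m.group(1)
    nums = [int(p) for p in (v.split("_") if "_" in v else list(v))]
    return tuple(nums + [0] * (4 - len(nums)))

def triage(text):
    """Return (section, item, reason) findings for the indicators checked here."""
    findings, java = [], []
    for sec, sub, (item, value, detail) in parse_ots(text):
        if sec.startswith("Trusted Sites Domains"):
            m = DOMAIN_COUNT_RE.search(value)
            if m and int(m.group(1)) > MAX_TRUSTED_DOMAINS:
                findings.append((sec, item, f"{m.group(1)} domains in Trusted sites"))
        elif sec == "Downloaded Program Files":
            if "Reg Error" in value or "File not found" in detail:
                findings.append((sec, item, "orphaned ActiveX distribution unit"))
            ver = java_version(value)
            if ver:
                java.append((ver, item))
        elif sec.startswith("Winlogon settings") and sub in EXPECTED_WINLOGON:
            if value.lower() != EXPECTED_WINLOGON[sub] or "(Microsoft Corporation)" not in detail:
                findings.append((sec, item, f"unexpected {sub} value: {value}"))
    if java:  # any Java cab older than the newest one registered is dead weight
        newest = max(v for v, _ in java)
        for ver, item in java:
            if ver < newest:
                findings.append(("Downloaded Program Files", item,
                                 "superseded Java plug-in " + ".".join(map(str, ver))))
    return findings

# Lines copied from the OTS log posted in this thread (a subset).
SAMPLE_LOG = r"""
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7170 domain(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] ->
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
"""

# Constructed, not from the thread: a second UserInit value with a placeholder name, to show the check firing.
CONSTRUCTED_BAD_WINLOGON = r"""
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
C:\WINDOWS\system32\example.exe -> C:\WINDOWS\system32\example.exe -> [2012/08/01 12:00:00 | 000,012,345 | ---- | M] ()
"""

if __name__ == "__main__":
    for sec, item, reason in triage(SAMPLE_LOG) + triage(CONSTRUCTED_BAD_WINLOGON):
        print(f"[{sec}] {item}: {reason}")
```

On the posted lines it reports the 7170-domain Trusted sites key under the user's hive (the HKLM key with one domain stays quiet) and flags exactly the four Distribution Units the fix above removes: the three entries showing "Reg Error" plus the 1.6.0_16 Java cab, which is superseded by the 1.6.0_33 cabs registered alongside it. A high Trusted sites count only says where to look next; the domain entries that follow it in the log are what a reviewer reads to decide whether they belong there.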