
Computer taken over?

Discussion in 'Virus & Other Malware Removal' started by davidf, Jul 27, 2012.

  1. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    I have noticed lately several emails coming back as non-delivered, indicating that my computer (not me, my computer) was sending emails out to addresses, although the address indicating where it came from was not my address; however, it had the correct ending after the @ symbol. For instance, my email is [email protected]. The non-delivered email came from [email protected].

    Also, my computer is really running slowly.

    I think I may be infected.

    Enclosed are the HijackThis file, the DDS file, and the Attach file. When I tried to scan using GMER it ran for 2 hours and then froze, so I can't get that one. Hope you can explain how to do this better.

    Thank you for your assistance.


    Dave




    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:28:32 AM, on 7/27/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\wspan\swgw\FilterAgent.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.wspan.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60288
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Worldspan Go!
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\wspan\GoRes\IEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Worldspan Filter Agent.lnk = C:\wspan\swgw\FilterAgent.exe
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.worldspan.com
    O15 - Trusted Zone: http://*.worldspan.com
    O15 - Trusted Zone: *.wspan.com
    O15 - Trusted Zone: http://*.wspan.com
    O16 - DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} (WSEmul Control) - https://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB
    O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} (Calendar Control 8.0) - https://gopublic.wspan.com/Secure/DLLs/mscal.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 5.0 (SP2)) - https://gopublic.wspan.com/Secure/DLLs/Comdlg32.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

    --
    End of file - 8523 bytes



    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 8:34:23 on 2012-07-27
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.74 [GMT -5:00]
    .
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgidsagent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    svchost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\wspan\swgw\FilterAgent.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\DllHost.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://home.wspan.com
    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60288
    uStart Page = hxxp://google.com/
    uWindow Title = Microsoft Internet Explorer provided by Worldspan Go!
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: IEHlprObj Class: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\wspan\gores\IEHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [srmclean] c:\cpqs\scom\srmclean.exe
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\worlds~1.lnk - c:\wspan\swgw\FilterAgent.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    Trusted Zone: arccorp.com\myarc
    Trusted Zone: hobbittravel.net\mail
    Trusted Zone: lcbahoops.org\www
    Trusted Zone: worldspan.com
    Trusted Zone: wspan.com
    Trusted Zone: wspan.com\gopublic
    DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} - hxxps://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {8E27C92B-1264-101C-8A2F-040224009C02} - hxxps://gopublic.wspan.com/Secure/DLLs/mscal.cab
    DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} - hxxps://gopublic.wspan.com/Secure/DLLs/Comdlg32.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F0B7580F-742D-4CC3-8C0F-3F014E729893} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    Notify: igfxcui - igfxsrvc.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-25 935008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-23 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-23 136176]
    .
    =============== Created Last 30 ================
    .
    2012-07-25 18:45:50 -------- d-----w- c:\windows\system32\NtmsData
    2012-07-25 15:14:22 -------- d-----w- c:\windows\system32\cache
    2012-07-24 16:40:01 -------- d-----w- c:\documents and settings\administrator\application data\AVG
    2012-07-24 15:05:51 -------- d-----w- c:\documents and settings\administrator\application data\AVG2012
    2012-07-24 14:59:27 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG Secure Search
    2012-07-24 14:59:04 -------- d-----w- c:\documents and settings\administrator\application data\AVG Secure Search
    2012-07-24 14:58:58 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
    2012-07-24 14:58:49 -------- d-----w- c:\program files\common files\AVG Secure Search
    2012-07-24 14:58:47 -------- d-----w- c:\program files\AVG Secure Search
    2012-07-24 14:52:14 -------- d--h--w- C:\$AVG
    2012-07-24 14:52:12 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-24 14:52:12 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
    2012-07-24 14:49:16 -------- d-----w- c:\program files\AVG
    2012-07-24 14:46:24 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    .
    ==================== Find3M ====================
    .
    2012-07-17 16:13:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-17 16:13:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-18 13:03:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-06-18 13:03:30 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-18 13:03:30 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 8:36:16.18 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/23/2009 4:21:45 PM
    System Uptime: 7/26/2012 9:29:22 AM (23 hours ago)
    .
    Motherboard: Hewlett-Packard | | 085Ch
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | XU1 PROCESSOR | 2394/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 22.389 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP884: 6/6/2012 3:21:20 AM - System Checkpoint
    RP885: 6/7/2012 5:21:21 AM - System Checkpoint
    RP886: 6/8/2012 7:21:20 AM - System Checkpoint
    RP887: 6/9/2012 9:21:20 AM - System Checkpoint
    RP888: 6/10/2012 11:21:17 AM - System Checkpoint
    RP889: 6/11/2012 11:55:44 AM - System Checkpoint
    RP890: 6/12/2012 12:01:34 PM - System Checkpoint
    RP891: 6/13/2012 3:00:18 AM - Software Distribution Service 3.0
    RP892: 6/14/2012 3:44:49 AM - System Checkpoint
    RP893: 6/15/2012 3:49:18 AM - System Checkpoint
    RP894: 6/16/2012 5:49:18 AM - System Checkpoint
    RP895: 6/17/2012 7:49:18 AM - System Checkpoint
    RP896: 6/18/2012 8:02:29 AM - Removed Java(TM) 6 Update 31
    RP897: 6/18/2012 8:03:08 AM - Installed Java(TM) 6 Update 33
    RP898: 6/19/2012 10:57:59 AM - System Checkpoint
    RP899: 6/20/2012 3:46:34 PM - System Checkpoint
    RP900: 6/21/2012 6:36:02 PM - System Checkpoint
    RP901: 6/22/2012 6:43:44 PM - System Checkpoint
    RP902: 6/23/2012 8:42:38 PM - System Checkpoint
    RP903: 6/24/2012 10:42:35 PM - System Checkpoint
    RP904: 6/26/2012 12:41:52 AM - System Checkpoint
    RP905: 6/27/2012 2:41:49 AM - System Checkpoint
    RP906: 6/28/2012 7:35:53 AM - System Checkpoint
    RP907: 6/29/2012 11:07:43 AM - System Checkpoint
    RP908: 6/30/2012 11:24:29 AM - System Checkpoint
    RP909: 7/1/2012 1:24:25 PM - System Checkpoint
    RP910: 7/2/2012 6:33:05 PM - System Checkpoint
    RP911: 7/3/2012 7:24:42 PM - System Checkpoint
    RP912: 7/4/2012 9:24:38 PM - System Checkpoint
    RP913: 7/5/2012 10:45:34 AM - Software Distribution Service 3.0
    RP914: 7/5/2012 10:54:11 AM - Software Distribution Service 3.0
    RP915: 7/5/2012 11:00:45 AM - Software Distribution Service 3.0
    RP916: 7/5/2012 11:34:40 AM - Software Distribution Service 3.0
    RP917: 7/6/2012 1:00:28 AM - Software Distribution Service 3.0
    RP918: 7/6/2012 11:46:02 AM - Software Distribution Service 3.0
    RP919: 7/7/2012 11:44:35 AM - Software Distribution Service 3.0
    RP920: 7/8/2012 11:44:33 AM - Software Distribution Service 3.0
    RP921: 7/9/2012 11:47:45 AM - Software Distribution Service 3.0
    RP922: 7/10/2012 11:45:42 AM - Software Distribution Service 3.0
    RP923: 7/11/2012 3:00:22 AM - Software Distribution Service 3.0
    RP924: 7/11/2012 3:36:54 AM - Software Distribution Service 3.0
    RP925: 7/12/2012 3:00:22 AM - Software Distribution Service 3.0
    RP926: 7/12/2012 3:37:07 AM - Software Distribution Service 3.0
    RP927: 7/13/2012 1:09:31 AM - Software Distribution Service 3.0
    RP928: 7/14/2012 1:26:16 AM - System Checkpoint
    RP929: 7/14/2012 3:36:18 AM - Software Distribution Service 3.0
    RP930: 7/15/2012 3:36:34 AM - Software Distribution Service 3.0
    RP931: 7/16/2012 3:36:35 AM - Software Distribution Service 3.0
    RP932: 7/17/2012 3:37:48 AM - Software Distribution Service 3.0
    RP933: 7/17/2012 11:23:08 AM - Software Distribution Service 3.0
    RP934: 7/18/2012 11:22:10 AM - Software Distribution Service 3.0
    RP935: 7/19/2012 11:25:17 AM - Software Distribution Service 3.0
    RP936: 7/20/2012 1:12:44 AM - Software Distribution Service 3.0
    RP937: 7/20/2012 11:22:54 AM - Software Distribution Service 3.0
    RP938: 7/21/2012 11:24:41 AM - Software Distribution Service 3.0
    RP939: 7/22/2012 11:21:46 AM - Software Distribution Service 3.0
    RP940: 7/23/2012 9:11:57 AM - Software Distribution Service 3.0
    RP941: 7/23/2012 5:24:02 PM - Software Distribution Service 3.0
    RP942: 7/24/2012 9:28:13 AM - Software Distribution Service 3.0
    RP943: 7/24/2012 9:49:13 AM - Installed AVG 2012
    RP944: 7/24/2012 9:50:51 AM - Installed AVG 2012
    RP945: 7/25/2012 11:38:03 AM - System Checkpoint
    RP946: 7/26/2012 4:36:02 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.3.4
    Adobe Reader X (10.1.3)
    AVG 2012
    Broadcom Management Programs
    Free PDF to Word Doc Converter v1.1
    GO! Res
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Product Detection
    Intel(R) Extreme Graphics Driver
    Java 2 Runtime Environment, SE v1.4.2_01
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 33
    Java(TM) 6 Update 4
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works 7.0
    Octoshape add-in for Adobe Flash Player
    OpenOffice.org 3.3
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB923789)
    Software Setup
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    WebFldrs XP
    Windows Internet Explorer 7
    Windows XP Service Pack 3
    Worldspan API
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/24/2012 9:30:53 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.574.0).
    7/23/2012 9:13:57 AM, error: Microsoft Antimalware [2001] -
    7/23/2012 9:13:55 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.485.0).
    7/23/2012 5:25:30 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.513.0).
    7/22/2012 11:22:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.434.0).
    7/21/2012 11:25:56 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.405.0).
    7/20/2012 11:24:50 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.337.0).
    7/20/2012 1:15:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.307.0).
    .
    ==== End Of File ===========================
     
  2. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    Hi Guys! I wonder if someone might look at this problem for me? It was originally posted on July 27th but maybe it got missed?

    Thank you again
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,659
    Because you don't have all the necessary updates (or the uninstallers have been deleted by a registry cleaner) we need to verify if the system is genuine so please do the following.

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.


    Also please do this:

    Please download WVCheck and save it to your desktop.

    • Double click WVCheck.exe to run it. (If you downloaded the zipped version you will need to extract it first.)
    • As indicated by the prompt, this program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file as a reply.
     
  4. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    Hi There

    Thank you for helping me

    The MGADiag said it was genuine but when I pressed copy it did not make a notepad copy.

    Here is the other one

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1610_31-07-2012
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows XP Service Pack 3
    Windows Mode: Normal
    Systemroot Path: C:\WINDOWS

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2012-07-31 04:06:14
    Last Success Time for Update Download: 2012-07-11 23:11:31
    Last Success Time for Update Installation: 2012-07-12 08:03:03


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - b26b135ff1b9f60c9388b4a7d16f600b


    -------- End of File, program close at 1634_31-07-2012 --------


    Thank you again ----- Dave
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,659
    We will need to see the MGA Diagnostic report. When you click on copy, you won't see anything happen. It doesn't automatically go to Notepad. You have to open Notepad and then "paste" the log there.
     
  6. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    SORRY!!!

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-2MDY9-F6J9M-K42BQ
    Windows Product Key Hash: jY+nlE0RT38EEXpeUqSdQPABSQc=
    Windows Product ID: 76487-OEM-2211906-00101
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {D1699E17-18B0-4B84-B23D-BF7B7170CED3}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.9.40.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Prompt
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Prompt
    Allow scripting of Internet Explorer Webbrowser control: Allowed
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{D1699E17-18B0-4B84-B23D-BF7B7170CED3}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-K42BQ</PKey><PID>76487-OEM-2211906-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-501490370-2008134318-2151013042</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP d530 SFF(DC578AV)</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786B2 v1.11</Version><SMBIOSVersion major="2" minor="3"/><Date>20030710000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>48B33FE701848043</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>HP d530 SFF(DC578AV)</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 5E4A:Compaq Computer Corporation|15C61:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|F2AB:Compaq Computer Corporation|10EAB:Compaq Computer Corporation|10EAB:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|F2AB:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

    OEM Activation 2.0 Data-->
    N/A
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,659
    Have you run some sort of registry cleaner? This is not recommended but is generally what removes the updates from the list.
     
  8. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    When I installed the AVG program they had a cleaner program - it may have made changes that I am not clear on.

    Dave
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,659
    That's probably what did it then.

    Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  10. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    ComboFix 12-07-31.03 - Administrator 08/02/2012 8:46.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.45 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
    AV: AVG Anti-Virus 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Thumbs.db
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\drivers\fad.sys
    c:\windows\system32\msssc.dll
    .
    Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
    Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 20:34 . 2012-08-01 20:34 -------- d-----w- c:\program files\7-Zip
    2012-07-31 21:04 . 2012-07-31 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2012-07-27 18:06 . 2012-07-27 18:06 -------- d-----w- C:\found.000
    2012-07-25 18:45 . 2012-07-25 18:50 -------- d-----w- c:\windows\system32\NtmsData
    2012-07-24 14:46 . 2012-08-01 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 14:51 . 2012-04-20 18:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 14:51 . 2011-06-17 13:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-18 13:03 . 2010-05-10 22:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-06-18 13:03 . 2012-06-18 13:03 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-18 13:03 . 2010-05-10 22:41 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-13 13:19 . 2004-08-04 06:17 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-04-14 00:12 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2004-08-04 07:56 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 22:35 . 2011-08-23 18:18 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32 . 2004-08-04 07:56 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2008-10-16 21:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2004-08-04 07:56 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2004-08-04 07:56 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2004-08-04 07:56 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2008-10-16 21:09 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2008-10-16 21:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2004-08-04 07:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2004-08-04 07:56 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2004-08-04 07:56 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2008-10-16 21:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2004-08-04 07:56 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2004-08-04 07:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2011-08-23 18:18 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18 . 2011-08-23 18:18 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 17:25 . 2011-08-22 15:58 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 13:22 . 2004-08-04 07:56 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 14:42 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
    "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
    "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2002-08-07 485376]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Worldspan Filter Agent.lnk - c:\wspan\swgw\FilterAgent.exe [2009-10-9 127044]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\dllhost.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    .
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2012 5:30 PM 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/20/2012 1:31 PM 250056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2012 5:30 PM 136176]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 14:51]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-23 22:29]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-23 22:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    Trusted Zone: arccorp.com\myarc
    Trusted Zone: hobbittravel.net\mail
    Trusted Zone: lcbahoops.org\www
    Trusted Zone: worldspan.com
    Trusted Zone: wspan.com
    Trusted Zone: wspan.com\gopublic
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {1671CF85-4FCB-11D1-A068-0004AC77A721} - hxxps://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-02 12:51
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,6e,82,d8,bf,96,d6,43,8c,d4,cd,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,6e,82,d8,bf,96,d6,43,8c,d4,cd,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2004)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\windows\system32\DllHost.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    .
    **************************************************************************
    .
    Completion time: 2012-08-02 12:59:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 17:59
    .
    Pre-Run: 24,821,059,584 bytes free
    Post-Run: 24,963,211,264 bytes free
    .
    - - End Of File - - FFB62BAFA5C6FCE32DD5D0398D5378BB
     
  11. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    WOW - this is so much faster - did it do something as well as run a scan?
    I was using AVG but maybe that is not a good system for virus protection?


    Dave
     
  12. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    Just thought of something - I did have to uninstall AVG as the scan warned it could be damaging if it was scanning and AVG was on the system. So now I have no protection. Do you recommend anything in particular? Is that maybe why this is soooo much faster - because AVG was slowing it down?
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,659
    ComboFix removed some infection which probably had an effect. Yes, you should install an anti-virus program. I'd suggest installing Microsoft Security Essentials:

    http://windows.microsoft.com/en-US/windows/products/security-essentials

    Download OTS.exe to your Desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Double-click on OTS.exe to start the program.
    4. At the top put a check mark in the box beside "Scan All Users".
    5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors)
    6. Now click the Run Scan button on the toolbar.
    7. Let it run unhindered until it finishes.
    8. When the scan is complete Notepad will open with the report file loaded in it.
    9. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  14. davidf

    davidf Thread Starter

    Joined:
    May 12, 2005
    Messages:
    109
    Code:
    OTS logfile created on: 8/4/2012 12:24:30 PM - Run 1
    OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    247.00 Mb Total Physical Memory | 63.00 Mb Available Physical Memory | 25.00% Memory free
    874.00 Mb Paging File | 585.00 Mb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 640 640 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 23.19 Gb Free Space | 62.23% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: READ2ATJANSDESK
    Current User Name: Administrator
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:59 | 000,646,656 | ---- | M] (OldTimer Tools)
    soffice.exe -> C:\Program Files\OpenOffice.org 3\program\soffice.exe -> [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org)
    soffice.bin -> C:\Program Files\OpenOffice.org 3\program\soffice.bin -> [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org)
    filteragent.exe -> C:\wspan\swgw\FilterAgent.exe -> [2009/06/12 03:45:26 | 000,127,044 | ---- | M] (Worldspan L.P.)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
     
    [Modules - No Company Name]
    libxml2.dll -> C:\Program Files\OpenOffice.org 3\program\libxml2.dll -> [2011/04/22 15:01:24 | 000,985,088 | ---- | M] ()
    wsbrowserconfig.dll -> C:\wspan\GoRes\wsbrowserconfig.dll -> [2007/02/14 07:04:42 | 000,426,098 | ---- | M] ()
    hpbhealr.dll -> C:\WINDOWS\system32\HPBHEALR.DLL -> [2001/07/31 05:17:12 | 000,094,274 | ---- | M] ()
     
    [Win32 Services - Safe List]
    (HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
    (AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/08/02 15:49:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated)
    (Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2003/10/22 10:19:22 | 000,065,536 | ---- | M] (HP)
     
    [Driver Services - Safe List]
    (catchme) catchme [Kernel | On_Demand | Running] ->  -> File not found
    (iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wVchNTxx.sys -> [2004/08/03 19:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation)
    (iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wSiINTxx.sys -> [2004/08/03 19:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation)
    (iAimTV5) iAimTV5 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV10nt.sys -> [2004/08/03 19:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation)
    (iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wCh7xxNT.sys -> [2004/08/03 19:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation)
    (iAimTV6) iAimTV6 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV06nt.sys -> [2004/08/03 19:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation)
    (iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV04nt.sys -> [2004/08/03 19:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation)
    (iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV02NT.sys -> [2004/08/03 19:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation)
    (iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wATV01nt.sys -> [2004/08/03 19:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation)
    (iAimFP7) iAimFP7 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV09NT.sys -> [2004/08/03 19:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation)
    (iAimFP5) iAimFP5 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV07nt.sys -> [2004/08/03 19:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation)
    (iAimFP6) iAimFP6 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV08NT.sys -> [2004/08/03 19:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation)
    (i81x) i81x [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\i81xnt5.sys -> [2004/08/03 19:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation)
    (iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV01nt.sys -> [2004/08/03 19:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation)
    (iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV02NT.sys -> [2004/08/03 19:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation)
    (iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wADV05NT.sys -> [2004/08/03 19:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation)
    (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2003/02/25 11:18:08 | 000,170,880 | ---- | M] (Broadcom Corporation)
    (Blfp) Broadcom Advanced Server Program Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\baspxp32.sys -> [2003/02/05 14:22:32 | 000,050,816 | ---- | M] (Broadcom Corporation)
    (Symmpi) Symmpi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symmpi.sys -> [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
    HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> -> 
    HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\: Main\\"Start Page" -> http://google.com/ -> 
    HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\: "ProxyEnable" -> 0 -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
    < HOSTS File > ([2012/08/02 12:51:20 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2012/06/18 08:03:31 | 000,329,480 | ---- | M] (Sun Microsystems, Inc.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [Google Toolbar Notifier BHO] -> [2012/05/23 17:30:40 | 001,003,576 | ---- | M] (Google Inc.)
    {CE7C3CF0-4B15-11D1-ABED-709549C10000} [HKLM] -> C:\wspan\GoRes\IEHelper.dll [IEHlprObj Class] -> [2007/05/23 15:34:12 | 000,126,976 | ---- | M] (Worldspan L.P.)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "SetRefresh" -> C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [C:\Program Files\Compaq\SetRefresh\SetRefresh.exe] -> [2002/08/07 11:24:48 | 000,485,376 | ---- | M] (Hewlett-Packard Company)
    "srmclean" -> C:\cpqs\scom\srmclean.exe [C:\Cpqs\Scom\srmclean.exe] -> [2001/07/24 16:34:25 | 000,036,864 | ---- | M] ()
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2010/12/13 11:12:08 | 001,198,592 | ---- | M] ()
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Worldspan Filter Agent.lnk -> C:\wspan\swgw\FilterAgent.exe -> [2009/06/12 03:45:26 | 000,127,044 | ---- | M] (Worldspan L.P.)
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < Software Policy Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7170 domain(s) found. -> 
    myarc_arccorp.com [https] -> Trusted sites -> 
    mail_hobbittravel.net [https] -> Trusted sites -> 
    www_lcbahoops.org [https] -> Trusted sites -> 
    worldspan.com .[*] -> Trusted sites -> 
    worldspan.com .[http] -> Trusted sites -> 
    worldspan.com .[https] -> Trusted sites -> 
    wspan.com .[*] -> Trusted sites -> 
    wspan.com .[http] -> Trusted sites -> 
    wspan.com .[https] -> Trusted sites -> 
    gopublic_wspan.com [https] -> Trusted sites -> 
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\] > -> HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_USERS\S-1-5-21-501490370-2008134318-2151013042-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {1671CF85-4FCB-11D1-A068-0004AC77A721} [HKLM] -> https://gopublic.wspan.com/Secure/DLLs/WSEMUL.CAB [WSEmul Control] -> 
    {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
    {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} [HKLM] -> http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB [Hewlett-Packard Printer Diagnostics] -> 
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343840940312 [MUWebControl Class] -> 
    {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab [GMNRev Class] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
    {8E27C92B-1264-101C-8A2F-040224009C02} [HKLM] -> https://gopublic.wspan.com/Secure/DLLs/mscal.cab [Calendar Control 8.0] -> 
    {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.] -> 
    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 
    {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab [Java Plug-in 1.6.0_33] -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
    {F9043C85-F6F2-101A-A3C9-08002B2F49FB} [HKLM] -> https://gopublic.wspan.com/Secure/DLLs/Comdlg32.cab [Microsoft Common Dialog Control, version 5.0 (SP2)] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 192.168.1.1 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {F0B7580F-742D-4CC3-8C0F-3F014E729893}\\DhcpNameServer -> 192.168.1.1   (Broadcom NetXtreme Gigabit Ethernet for hp) -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
    C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
    igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/03/11 07:11:06 | 000,315,392 | ---- | M] (Intel Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\WINDOWS\system32\usmt\migwiz.exe" -> C:\WINDOWS\System32\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard] -> [2008/04/13 19:12:25 | 000,245,248 | ---- | M] (Microsoft Corporation)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
    [Registry - Additional Scans - Safe List]
    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
    *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
    6to4 ->  -> File not found
    HidServ ->  -> File not found
    Ias ->  -> File not found
    Iprip ->  -> File not found
    Irmon ->  -> File not found
    NWCWorkstation ->  -> File not found
    Nwsapagent ->  -> File not found
    WmdmPmSp ->  -> File not found
    *MultiFile Done* -> -> 
    < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
    Application [ Error ] 7/24/2012 10:29:40 AM Computer Name = READ2ATJANSDESK | Source = MPSampleSubmission | ID = 5000 -> Description = 
    Application [ Error ] 7/24/2012 10:31:01 AM Computer Name = READ2ATJANSDESK | Source = MPSampleSubmission | ID = 5000 -> Description = 
    Application [ Error ] 7/25/2012 6:40:08 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    Application [ Error ] 7/26/2012 10:26:40 AM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    Application [ Error ] 7/27/2012 4:25:44 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    Application [ Error ] 7/30/2012 2:09:14 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    Application [ Error ] 7/31/2012 3:21:26 PM Computer Name = READ2ATJANSDESK | Source = MsiInstaller | ID = 1013 -> Description = Product: OpenOffice.org 3.4 -- Please exit OpenOffice.org 3.4 and the OpenOffice.org 3.4 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice.org 3.4 open.
    Application [ Error ] 8/2/2012 7:03:59 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    Application [ Error ] 8/4/2012 11:54:32 AM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    Application [ Error ] 8/4/2012 1:21:23 PM Computer Name = READ2ATJANSDESK | Source = SCM | ID = 0 -> Description = 
    System [ Error ] 7/27/2012 11:00:47 AM Computer Name = READ2ATJANSDESK | Source = atapi | ID = 262153 -> Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    System [ Error ] 7/27/2012 12:48:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
    System [ Error ] 7/27/2012 12:51:16 PM Computer Name = READ2ATJANSDESK | Source = SideBySide | ID = 16842811 -> Description = Resolve Partial Assembly failed for Microsoft.VC90.MFC.  Reference error message: Insufficient system resources exist to complete the requested service.  .
    System [ Error ] 7/27/2012 12:51:16 PM Computer Name = READ2ATJANSDESK | Source = SideBySide | ID = 16842811 -> Description = Generate Activation Context failed for C:\Program Files\AVG\AVG2012\avgdiagex.exe.  Reference error message: The operation completed successfully.  .
    System [ Error ] 7/27/2012 12:59:06 PM Computer Name = READ2ATJANSDESK | Source = sr | ID = 1 -> Description = The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'work.dat' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
    System [ Error ] 7/27/2012 1:00:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
    System [ Error ] 7/27/2012 1:12:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
    System [ Error ] 7/27/2012 1:24:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
    System [ Error ] 7/27/2012 1:36:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
    System [ Error ] 7/27/2012 1:48:37 PM Computer Name = READ2ATJANSDESK | Source = Srv | ID = 2019 -> Description = The server was unable to allocate from the system nonpaged pool because the pool was empty.
     
    [Files/Folders - Created Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:53 | 000,646,656 | ---- | C] (OldTimer Tools)
     cmdcons -> C:\cmdcons -> [2012/08/01 16:27:19 | 000,000,000 | RHSD | C]
     SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2012/08/01 16:25:11 | 000,518,144 | ---- | C] (SteelWerX)
     SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2012/08/01 16:25:11 | 000,406,528 | ---- | C] (SteelWerX)
     SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2012/08/01 16:25:11 | 000,212,480 | ---- | C] (SteelWerX)
     NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2012/08/01 16:25:11 | 000,060,416 | ---- | C] (NirSoft)
     Config.Msi -> C:\Config.Msi -> [2012/08/01 15:57:14 | 000,000,000 | ---D | C]
     Qoobox -> C:\Qoobox -> [2012/08/01 15:43:43 | 000,000,000 | ---D | C]
     erdnt -> C:\WINDOWS\erdnt -> [2012/08/01 15:41:15 | 000,000,000 | ---D | C]
     puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2012/08/01 15:40:30 | 004,722,680 | R--- | C] (Swearware)
     7-Zip -> C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip -> [2012/08/01 15:34:43 | 000,000,000 | ---D | C]
     7-Zip -> C:\Program Files\7-Zip -> [2012/08/01 15:34:42 | 000,000,000 | ---D | C]
     MGADiag.exe -> C:\Documents and Settings\Administrator\Desktop\MGADiag.exe -> [2012/07/31 16:06:52 | 002,031,992 | ---- | C] (Microsoft Corporation)
     Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [2012/07/31 16:04:46 | 000,000,000 | ---D | C]
     OpenOffice.org 3.4 (en-US) Installation Files -> C:\Documents and Settings\Administrator\Desktop\OpenOffice.org 3.4 (en-US) Installation Files -> [2012/07/31 13:56:28 | 000,000,000 | ---D | C]
     found.000 -> C:\found.000 -> [2012/07/27 13:06:08 | 000,000,000 | ---D | C]
     Administrative Tools -> C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools -> [2012/07/27 08:32:06 | 000,000,000 | R--D | C]
     dds.com -> C:\Documents and Settings\Administrator\Desktop\dds.com -> [2012/07/27 08:31:23 | 000,607,260 | R--- | C] (Swearware)
     HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2012/07/27 08:26:42 | 000,388,608 | ---- | C] (Trend Micro Inc.)
     Microsoft Works -> C:\Documents and Settings\All Users\Documents\Microsoft Works -> [2012/07/25 13:53:25 | 000,000,000 | ---D | C]
     Backup 25JUL12 -> C:\Documents and Settings\All Users\Documents\Backup 25JUL12 -> [2012/07/25 13:47:39 | 000,000,000 | ---D | C]
     NtmsData -> C:\WINDOWS\System32\NtmsData -> [2012/07/25 13:45:50 | 000,000,000 | ---D | C]
     MFAData -> C:\Documents and Settings\All Users\Application Data\MFAData -> [2012/07/24 09:46:24 | 000,000,000 | ---D | C]
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> 
     
    [Files/Folders - Modified Within 30 Days]
     OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:59 | 000,646,656 | ---- | M] (OldTimer Tools)
     Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/08/04 11:49:00 | 000,000,830 | ---- | M] ()
     GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/08/04 11:45:02 | 000,000,886 | ---- | M] ()
     GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/08/04 00:45:00 | 000,000,882 | ---- | M] ()
     FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2012/08/02 15:49:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated)
     FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/08/02 15:49:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated)
     hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/08/02 12:51:20 | 000,000,027 | ---- | M] ()
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/08/02 12:51:16 | 000,001,158 | ---- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/08/02 11:59:41 | 000,002,048 | --S- | M] ()
     hiberfil.sys -> C:\hiberfil.sys -> [2012/08/02 11:59:40 | 259,575,808 | -HS- | M] ()
     boot.ini -> C:\boot.ini -> [2012/08/01 16:27:30 | 000,000,327 | RHS- | M] ()
     puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2012/08/01 15:40:45 | 004,722,680 | R--- | M] (Swearware)
     7zip_RocketFuelInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\7zip_RocketFuelInstaller.exe -> [2012/08/01 15:33:00 | 000,442,864 | ---- | M] ()
     WVCheck.exe -> C:\Documents and Settings\Administrator\Desktop\WVCheck.exe -> [2012/07/31 16:10:22 | 003,514,358 | ---- | M] ()
     MGADiag.exe -> C:\Documents and Settings\Administrator\Desktop\MGADiag.exe -> [2012/07/31 16:07:05 | 002,031,992 | ---- | M] (Microsoft Corporation)
     2002-2012 cks.xlr -> C:\2002-2012 cks.xlr -> [2012/07/30 17:49:54 | 007,131,648 | ---- | M] ()
     gmer 1.0.15.15641 btsl2b1p.exe -> C:\Documents and Settings\Administrator\Desktop\gmer 1.0.15.15641 btsl2b1p.exe -> [2012/07/27 09:20:50 | 000,302,592 | ---- | M] ()
     dds.com -> C:\Documents and Settings\Administrator\Desktop\dds.com -> [2012/07/27 08:32:00 | 000,607,260 | R--- | M] (Swearware)
     HijackThis.exe -> C:\Documents and Settings\Administrator\Desktop\HijackThis.exe -> [2012/07/27 08:27:11 | 000,388,608 | ---- | M] (Trend Micro Inc.)
     Berry yellow pages 2012 ad friedmans3[1].pdf -> C:\Documents and Settings\Administrator\My Documents\Berry yellow pages 2012 ad friedmans3[1].pdf -> [2012/07/26 12:07:37 | 000,849,434 | ---- | M] ()
     dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat -> [2012/07/24 10:30:04 | 000,027,520 | ---- | M] ()
     epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2012/07/24 09:42:59 | 000,001,945 | ---- | M] ()
     FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/07/23 08:56:56 | 000,302,824 | ---- | M] ()
     SMSCRMGR.SAV -> C:\WINDOWS\SMSCRMGR.SAV -> [2012/07/23 08:41:21 | 000,000,006 | ---- | M] ()
     Read Clinic acctg 2007-2012.xlr -> C:\Read Clinic acctg 2007-2012.xlr -> [2012/07/18 15:17:07 | 001,338,368 | ---- | M] ()
     READ CLINIC BILLING 2011-2012.wps -> C:\READ CLINIC BILLING 2011-2012.wps -> [2012/07/18 15:15:38 | 000,042,496 | ---- | M] ()
     LCBA Summer League july 17th 2012[modified][1].pdf -> C:\Documents and Settings\Administrator\My Documents\LCBA Summer League july 17th 2012[modified][1].pdf -> [2012/07/17 11:48:06 | 000,043,141 | ---- | M] ()
     BSDLF 2008 - DEC 2014.xlr -> C:\BSDLF 2008 - DEC 2014.xlr -> [2012/07/13 15:33:39 | 000,388,096 | ---- | M] ()
     June 2012.xlr -> C:\June 2012.xlr -> [2012/07/13 15:17:13 | 000,148,992 | ---- | M] ()
     2008-2012  OUTSTANDING CHECKS.xlr -> C:\2008-2012  OUTSTANDING CHECKS.xlr -> [2012/07/13 14:42:24 | 000,085,504 | ---- | M] ()
     imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/07/11 03:03:45 | 000,001,374 | ---- | M] ()
     May 2012.xlr -> C:\May 2012.xlr -> [2012/07/06 17:15:17 | 000,147,968 | ---- | M] ()
     April 2012.xlr -> C:\April 2012.xlr -> [2012/07/06 09:41:38 | 000,160,256 | ---- | M] ()
     March 2012.xlr -> C:\March 2012.xlr -> [2012/07/05 16:50:13 | 000,162,816 | ---- | M] ()
     BSDLF 2005 - DEC 2012.xlr -> C:\BSDLF 2005 - DEC 2012.xlr -> [2012/07/05 15:25:28 | 000,441,344 | ---- | M] ()
     1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
     1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
     1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> 
     
    [Files - No Company Name]
     Boot.bak -> C:\Boot.bak -> [2012/08/01 16:27:29 | 000,000,211 | ---- | C] ()
     cmldr -> C:\cmldr -> [2012/08/01 16:27:21 | 000,260,272 | RHS- | C] ()
     PEV.exe -> C:\WINDOWS\PEV.exe -> [2012/08/01 16:25:11 | 000,256,000 | ---- | C] ()
     MBR.exe -> C:\WINDOWS\MBR.exe -> [2012/08/01 16:25:11 | 000,208,896 | ---- | C] ()
     sed.exe -> C:\WINDOWS\sed.exe -> [2012/08/01 16:25:11 | 000,098,816 | ---- | C] ()
     grep.exe -> C:\WINDOWS\grep.exe -> [2012/08/01 16:25:11 | 000,080,412 | ---- | C] ()
     zip.exe -> C:\WINDOWS\zip.exe -> [2012/08/01 16:25:11 | 000,068,096 | ---- | C] ()
     7zip_RocketFuelInstaller.exe -> C:\Documents and Settings\Administrator\Desktop\7zip_RocketFuelInstaller.exe -> [2012/08/01 15:32:44 | 000,442,864 | ---- | C] ()
     WVCheck.exe -> C:\Documents and Settings\Administrator\Desktop\WVCheck.exe -> [2012/07/31 16:10:01 | 003,514,358 | ---- | C] ()
     gmer 1.0.15.15641 btsl2b1p.exe -> C:\Documents and Settings\Administrator\Desktop\gmer 1.0.15.15641 btsl2b1p.exe -> [2012/07/27 09:20:40 | 000,302,592 | ---- | C] ()
     Berry yellow pages 2012 ad friedmans3[1].pdf -> C:\Documents and Settings\Administrator\My Documents\Berry yellow pages 2012 ad friedmans3[1].pdf -> [2012/07/26 12:07:34 | 000,849,434 | ---- | C] ()
     dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat -> [2012/07/24 10:30:04 | 000,027,520 | ---- | C] ()
     SMSCRMGR.SAV -> C:\WINDOWS\SMSCRMGR.SAV -> [2012/07/23 08:41:21 | 000,000,006 | ---- | C] ()
     LCBA Summer League july 17th 2012[modified][1].pdf -> C:\Documents and Settings\Administrator\My Documents\LCBA Summer League july 17th 2012[modified][1].pdf -> [2012/07/17 11:48:02 | 000,043,141 | ---- | C] ()
     Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2012/07/17 11:13:47 | 000,000,830 | ---- | C] ()
     June 2012.xlr -> C:\June 2012.xlr -> [2012/07/13 13:48:36 | 000,148,992 | ---- | C] ()
     BSDLF 2008 - DEC 2014.xlr -> C:\BSDLF 2008 - DEC 2014.xlr -> [2012/07/05 15:26:03 | 000,388,096 | ---- | C] ()
     iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/15 11:24:09 | 000,003,072 | ---- | C] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/11/01 07:51:43 | 000,003,584 | ---- | C] ()
    < End of report >
    
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,659
    Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.

    Code:
    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    YN -> {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Reg Error: Key error.]
    YN -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.]
    YN -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16]
    YN -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.]
    [Files/Folders - Created Within 30 Days]
    NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY ->  1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY ->  dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
    NY ->  1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY ->  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY ->  1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp
    [Files - No Company Name]
    NY ->  dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [Start Explorer]
    [Reboot]
     
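As an added example (not code from this thread or from the OTS tool itself), the Python below parses the file-entry lines of an OTS log like the one above, applies a few editor-chosen triage heuristics, and writes the matching entries in the `NY ->  name -> path` form that the fix uses for file entries. The sample lines are copied from the log on this page; the heuristics and the helper names are this example's own assumptions.

```python
"""Parse OTS file entries and build fix-script lines (added example, not OTS code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTS file entry, e.g. (from the log above):
#  dt.dat -> C:\...\Application Data\dt.dat -> [2012/07/24 10:30:04 | 000,027,520 | ---- | M] ()
FILE_ENTRY = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)
# Aggregate temp-file lines carry no bracketed block:
#  1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
TMP_ENTRY = re.compile(r"^\s*(?P<name>\d+ .+?\*\.tmp files) -> (?P<path>.+?\*\.tmp) ->\s*$")

# Extensions treated as executable code (editor's choice; .sys left out because
# hiberfil.sys and similar data files would otherwise be flagged).
EXEC_EXT = (".exe", ".dll", ".com", ".cpl", ".scr")


@dataclass
class OtsEntry:
    name: str
    path: str
    company: Optional[str]      # None for aggregate temp lines, "" for "()"
    attrs: str = "----"         # R/H/S/D flags as printed by OTS
    size: int = 0
    is_tmp_glob: bool = False


def parse_entry(line: str) -> Optional[OtsEntry]:
    """Return a structured entry for a file line, or None for headers/other lines."""
    m = FILE_ENTRY.match(line)
    if m:
        return OtsEntry(
            name=m["name"].strip(), path=m["path"].strip(),
            company=(m["company"] or "").strip(),
            attrs=m["attrs"], size=int(m["size"].replace(",", "")),
        )
    m = TMP_ENTRY.match(line)
    if m:
        return OtsEntry(name=m["name"], path=m["path"], company=None, is_tmp_glob=True)
    return None


def triage(e: OtsEntry) -> List[str]:
    """Editor's heuristics (not OTS logic): reasons an entry deserves a second look."""
    if e.is_tmp_glob:
        return ["temporary files: routinely cleared by the fix"]
    reasons: List[str] = []
    low = e.path.lower()
    if low.endswith(EXEC_EXT) and e.company == "":
        reasons.append("executable or library with no company name")
    if "\\application data\\" in low and e.company == "":
        reasons.append("file with no company name under a per-user Application Data path")
    # Hidden+system files are normal at the drive root (boot files), odd elsewhere.
    if "H" in e.attrs and "S" in e.attrs and low.rsplit("\\", 1)[0] != "c:":
        reasons.append("hidden+system attributes outside the drive root")
    return reasons


def fix_line(e: OtsEntry) -> str:
    """File-entry form used in the OTS fix above: 'NY ->  name -> path'."""
    return f"NY ->  {e.name} -> {e.path}"


def build_fix(section: str, log_lines: List[str]) -> List[str]:
    """Section header followed by a fix line for every entry triage flags."""
    out = [section]
    for line in log_lines:
        e = parse_entry(line)
        if e and triage(e):
            out.append(fix_line(e))
    return out


# Sample lines copied from the "Modified Within 30 Days" section of the log above.
SAMPLE = [
    r" OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2012/08/04 12:22:59 | 000,646,656 | ---- | M] (OldTimer Tools)",
    r" hiberfil.sys -> C:\hiberfil.sys -> [2012/08/02 11:59:40 | 259,575,808 | -HS- | M] ()",
    r" dt.dat -> C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat -> [2012/07/24 10:30:04 | 000,027,520 | ---- | M] ()",
    r" 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ",
]

if __name__ == "__main__":
    for line in SAMPLE:
        entry = parse_entry(line)
        print(entry.name, "->", triage(entry) or "no finding")
    print("\n".join(build_fix("[Files/Folders - Modified Within 30 Days]", SAMPLE)))
```

Run stand-alone it prints the triage reason per sample line and then the two fix lines that correspond to the dt.dat and *.tmp entries in the fix above.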
Short URL to this thread: https://techguy.org/1062846