
PC won't start after running Malwarebytes


tduro


My PC had been acting a little odd. Nothing I can pinpoint, but some programs took a couple tries before they would run. And I've had to reboot the PC more frequently than usual to keep things running clean.

So I ran Avira Antivir, and it found nothing, however I'm not sure if it ran cleanly, as there were a couple error messages as it was finishing.

Then I ran Malwarebytes. It found 30 infections, which I opted to remove. It then said I had to restart to complete the process. When I hit OK, the PC tried to reboot, but was unable to completely start up. Instead it tries to reboot over and over again, in an endless loop.

I tried rebooting into safe mode, and the same thing happens.


Hi, please let me know what version of Windows you are running and if you have a Windows installation CD at hand we can use.

We Need to Diagnose Your BlueScreen

  1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode.
  2. Select "Disable Automatic Restart on System Failure", as shown here:
     (image: disableautomaticrestart.png)
  3. When your system BSODs, write down the STOP error code, as well as any written-out error message, and post them back here. The STOP error will always appear, but the message may not. You are looking for this:
     (image: bsod_c.jpg)

Please post me the error(s).


Hi Elise,

Thank you for offering to help me.

I'm running Windows XP. I do not have an installation disk.

The BSOD reads: "STOP: c000007b {Bad Image}

The application or DLL \??\C:\WINDOWS\System32\sfcfiles.dll is not a valid windows image. Please check this against your installation diskette."

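The STOP code quoted above, c000007b, is STATUS_INVALID_IMAGE_FORMAT: the image loader refused to map C:\WINDOWS\System32\sfcfiles.dll because its headers no longer describe a well-formed PE file. The following is an added example, not part of the thread and not code from Malwarebytes, OTL or BartPE: a small Python checker that walks the same DOS header, PE signature, COFF header, optional header and section table the loader checks, reports what is wrong, and prints the file's MD5 so it can be compared with a known-good copy (the same MD5 an OTL /md5start ... /md5stop custom scan reports). It is meant to be run on a working machine against a copy of the DLL pulled off the sick disk. The sample image it builds is a constructed minimal PE32 DLL, not a real sfcfiles.dll, and the "damage" applied to it (a zeroed PE signature) is a hypothetical corruption chosen to show the check firing, not a claim about what happened to this particular file.

```python
"""Offline check of a Windows PE image copied off a non-booting disk.

Added example, not from the thread or from any tool named in it.  It walks
the DOS header, PE signature, COFF header, optional header and section
table the way the image loader does before mapping a file, so a DLL the
loader would reject as STATUS_INVALID_IMAGE_FORMAT (0xC000007B, "Bad Image")
can be spotted from a rescue environment, and it prints the MD5 used to
compare the file with a known-good copy.
"""
import hashlib
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def check_pe_image(data: bytes) -> list:
    """Return the header problems found; an empty list means the headers parse."""
    problems = []
    if len(data) < 64:
        return ["shorter than a DOS header"]
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        return ["no MZ signature at offset 0"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    nt_end = e_lfanew + 4 + COFF_HEADER_SIZE
    if nt_end > len(data):
        return ["e_lfanew 0x%x points past end of file" % e_lfanew]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        return ["no PE signature at e_lfanew 0x%x" % e_lfanew]
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, _, _, _, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt_off = nt_end
    if opt_size < 2 or opt_off + opt_size > len(data):
        return ["optional header of %d bytes does not fit in the file" % opt_size]
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        problems.append("unknown optional header magic 0x%x" % magic)
    elif machine == IMAGE_FILE_MACHINE_I386 and magic != PE32_MAGIC:
        problems.append("i386 machine type but PE32+ optional header")
    if nsect == 0:
        problems.append("no sections")
    sect_off = opt_off + opt_size
    if sect_off + nsect * SECTION_HEADER_SIZE > len(data):
        problems.append("section table runs past end of file")
        return problems
    for i in range(nsect):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, _, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sect_off + i * SECTION_HEADER_SIZE)
        if raw_ptr + raw_size > len(data):
            problems.append("section %s raw data runs past end of file"
                            % name.rstrip(b"\0").decode("ascii", "replace"))
    return problems


def file_md5(data: bytes) -> str:
    """Hex MD5 of the file, for comparison with a known-good copy."""
    return hashlib.md5(data).hexdigest()


def build_sample_dll(damaged: bool = False) -> bytes:
    """Constructed minimal PE32 DLL (not a real sfcfiles.dll).

    damaged=True zeroes the PE signature, a hypothetical corruption that makes
    the loader reject the file; it is not a claim about this thread's DLL.
    """
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: NT headers follow the DOS header
    opt_size = 224                                  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0,
                       opt_size, IMAGE_FILE_DLL | 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    body = b"\xC3" * 16                             # one tiny .text section of RET instructions
    raw_ptr = 64 + 4 + COFF_HEADER_SIZE + opt_size + SECTION_HEADER_SIZE
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000, len(body),
                       raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect + body
    if damaged:
        image = image[:64] + b"\0\0\0\0" + image[68:]
    return image


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample_dll(damaged=True)
    print("MD5:", file_md5(blob))
    for p in check_pe_image(blob) or ["headers parse as a valid image"]:
        print(" -", p)
```

Run it as `python pecheck.py sfcfiles.dll` against the copy taken from the sick machine. A clean header parse does not prove the file is the original (a deliberately patched DLL still parses), so the MD5 is the check that matters: compare it with the same file from a known-good XP installation at the same service pack level, since the hash differs between SP builds.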

Elise,

Can you be more specific about what you need? I think I have XP-Home, as it was a Best Buy purchase. I might be able to get an XP-Pro CD from work, but they're not sure it will work without giving me their admin password, which they won't do. They have a Windows 98 CD that I could try, but I'm not sure if that's what you need me to do.

Thanks,

Tom


Hi, it doesn't matter what version of XP (Home/Pro) the CD is and you do not need any password/product key for it. It just has to be a legit installation CD.

We can use that to create a bootable disk. The CD is only needed for copying the i386 folder from the XP CD to a temporary folder on a working computer, from which they will be incorporated in a bootable CD.


Let's try to boot your computer using a Boot CD.

Please print this guide for future reference!

You will need a blank CD, your Windows XP install disc, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. Please tell me what error messages you got and/or what steps you got hung up on.

1. Download the PE Builder to your desktop

http://www.nu2.nu/download.php?sFile=pebuilder3110a.exe

  • Double-Click on the PE Builder that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.

2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive

  • Double-click on PE Builder.exe located on your desktop.
  • Click NO to Search for Windows Installation Files.
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source: (path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output:
        • Keep the default.
    • Media output
      • Choose Create ISO image.
      • Do not choose Burn to CD/DVD.
  • Download the RunScanner plugin and save it to your desktop:

    http://www.paraglidernc.com/Files/RunScanner10025.cab

    Please note: You will be prompted for the folder it shall be saved in. By default it appears as runscanner10025. It should be changed to just runscanner <--- Important!!!

  • Press the Plugin button on the PE Builder interface.
  • Press the Add button and navigate to the location of the RunScanner plugin to install it.
  • Please note: If you are using a Windows XP disc with SP2, then highlight "RpcSS needs to launch DComLaunch" and press Enable.
  • When you're done, press Close and the PE Builder interface will re-appear.

3. Click on the "Build" button

  • You will see the Windows EULA message. Click on I Agree.
  • You will now see the Build Screen. Let it run its course.
  • When the Build is finished you can click Close, then Exit.

4. Burn your ISO file to CD

==========

Next........

From your clean computer..

Please download OTLPE.zip and save it to a flash drive.

http://oldtimer.geekstogo.com/OTLPE.zip

http://www.itxassociates.com/OT-Tools/OTLPE.zip

Double-click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

==========

Plug your flash drive into your sick computer now and do as instructed below..

==========

1. Restart your sick computer using the PE Builder ISO CD that you have created

  • Insert the CD into one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on No.
  • After it loads, press the Go button in the lower left and do this....
    • Go
    • System
    • Display
    • Screen Resolution
    • 1024x768

  Next choose....
    • Go
    • Programs
    • A43 File Management Utility

==========

In A43 File Management you should see your flash drive.

Navigate to the OTLPE folder that you saved to your flash drive.

Open the OTLPE folder and double-click Start.cmd.

  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLPE should now start. Change the following settings:
    • Change Services, Drivers, Standard and Extra Registry to Use Safelist
    • Uncheck LOP and Purity check

    Please note: Stay with your computer during the course of the scan. If "Entry Point Errors" are encountered, simply press "OK" and allow the program to continue. <-- Important!!

  • Push the Run Scan button (image: runscanbutton.png)
  • A report will open named "OTL.txt" and another will be minimized to the system tray named "Extra.txt". Save both logs to your flash drive. Copy and paste them in your next reply.


Wow! I can't believe we pulled that off without any hiccups. Here's the files:

Extras.txt

OTL Extras logfile created on: 11/30/2010 6:35:15 PM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = H:\OTLPE\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 80.00% Memory free

874.00 Mb Paging File | 833.00 Mb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 177.79 Gb Total Space | 115.44 Gb Free Space | 64.93% Space Free | Partition Type: NTFS

Drive H: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.93% Space Free | Partition Type: FAT

Drive J: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32

Drive X: | 156.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)

"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery

"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1bbf7e39-7953-4c4e-816e-2e8b730dab91}" = Check Point SSL Network Extender Service

"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21

"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload

"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

"{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices

"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig

"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player

"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A

"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5080900B-7E07-4926-ACD2-CB083E3B66E2}" = WD SmartWare

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade

"{54DEF122-41FD-469B-AD4A-9AA0AE4DF592}" = 1600_Help

"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA

"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap

"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1

"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1

"{68D1D94B-F191-487A-A51A-ED9B194AEF73}" = 1600Trb

"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

"{707CF19F-3948-4313-A5D4-9FBC256A2A53}" = PenCam SD Manager

"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin

"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08

"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder

"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{905eb1d9-8674-4384-884c-4e26e3127b76}" = Check Point SSL Network Extender Components Shell

"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player

"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client

"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers

"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AC76BA86-7AD7-5676-5A64-7E8A45000001}" = Adobe Reader Korean Fonts

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone

"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA

"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI

"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin

"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010

"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


I think I see the problem here. A hard disk controller is missing. First we need to look for a replacement copy.

Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field. Click the NONE button, then click the Run Scan button. Post me the resulting log.

/md5start
ftsata2.sys
/md5stop

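Elise's diagnosis above (a missing hard disk controller, i.e. the boot-start Promise driver ftsata2.sys) is the kind of thing the SRV/DRV lines of an OTL log show, and the /md5start custom scan is the follow-up that confirms whether a copy of the file still exists anywhere on the disk. As an added example, not part of the thread and not OTL's own code, here is a small Python triage of those lines: it parses each service and driver entry, flags "File not found" entries by start type (a missing Boot- or System-start driver prevents the machine from coming up; orphaned On_Demand entries are routine in XP logs), and separately lists entries whose image carries no company name, which are worth a look but not automatically bad. The sample lines are constructed to match the log format used later in this thread; the ftsata2 line in particular is invented to show what a missing boot-start driver would look like, since the OTL.txt from the first scan is not quoted in the thread.

```python
"""Triage of the SRV/DRV lines in an OTL / OTLPE log.

Added example, not from the thread and not OTL's own code: picks out service
and driver entries whose image is missing, ranked by start type, and entries
whose image carries no company name, so a missing boot-start storage driver
stands out from the orphaned On_Demand entries that XP logs usually carry.
"""
import re

# One OTL service/driver line: either "File not found" or a
# "[timestamp | size | attrs | M] (Company)" block, then "[Type | Start]",
# then "-- <path> -- (<service name>)".  Trailing description text is ignored.
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)) "
    r"\[(?P<start>[^\]]*)\] --(?P<path>.*?)-- \((?P<name>[^)]*)\)"
)

# Start types that must load for the system to come up at all.
EARLY_START = {"Boot", "System"}

# Constructed sample lines, modelled on the log format in this thread.  The
# ftsata2 line is invented to show what a missing boot-start driver looks like.
SAMPLE_LINES = [
    r"DRV - File not found [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)",
    r"DRV - File not found [Kernel | System] -- -- (PCIDump)",
    r"DRV - File not found [Kernel | On_Demand] -- -- (WDICA)",
    r"DRV - [2005/06/17 21:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)",
    r"SRV - [2010/10/05 19:28:12 | 001,060,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)",
    r"DRV - [2009/04/02 03:27:58 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System] -- C:\WINDOWS\system32\drivers\NEOFLTR_600_14137.sys -- (NEOFLTR_600_14137) Juniper Networks TDI Filter Driver (NEOFLTR_600_14137)",
]


def parse_line(line: str):
    """Return a dict of the line's fields, or None if it is not an SRV/DRV line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["start"] = rec["start"].split("|")[-1].strip()   # "[Kernel | Boot]" -> "Boot"
    rec["path"] = rec["path"].strip()
    rec["company"] = (rec["company"] or "").strip()
    rec["missing"] = rec["missing"] is not None
    return rec


def triage(lines):
    """Return (severity, service name, reason) tuples, most severe first."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["missing"]:
            sev = "critical" if rec["start"] in EARLY_START else "info"
            findings.append((sev, rec["name"], "image not found (start=%s, path=%s)"
                             % (rec["start"], rec["path"] or "<none>")))
        elif not rec["company"]:
            findings.append(("review", rec["name"],
                             "no company name in version info (%s)" % rec["path"]))
    order = {"critical": 0, "review": 1, "info": 2}
    findings.sort(key=lambda f: order[f[0]])   # stable sort keeps log order within a level
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LINES
    for sev, name, reason in triage(lines):
        print("%-8s %-20s %s" % (sev, name, reason))
```

Run it as `python otl_triage.py OTL.txt`. The ranking is a heuristic, not a verdict: "File not found" on System-start entries such as PCIDump is a registry leftover commonly seen in XP logs, so confirm against a known-good machine before acting, and treat a missing Boot-start storage driver (the ftsata2 case) as the first thing to fix, exactly as Elise did here.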

Elise, here's the log:

OTL logfile created on: 12/1/2010 11:48:58 AM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = H:\OTLPE\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 766.00 Mb Available Physical Memory | 80.00% Memory free

874.00 Mb Paging File | 834.00 Mb Available in Paging File | 95.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 177.79 Gb Total Space | 115.45 Gb Free Space | 64.93% Space Free | Partition Type: NTFS

Drive H: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.92% Space Free | Partition Type: FAT

Drive J: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32

Drive X: | 156.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

Using ControlSet: ControlSet001

========== Custom Scans ==========

< End of report >


Hi, I found the driver package containing the file. Please download this (on a working computer): ftp://ftp.hp.com/pub/softlib/software7/CO...4-1/sp35039.exe

Then please install 7-Zip (if you don't have it already).

Right-click on the sp35039.exe file you just downloaded, select 7-Zip > Extract Here.

After the files are extracted, open the following folders: Source > Offline Drivers > Drivers > Promise_1_00_0030_40

Right-click on the ftsata2.sys file and select Copy.

Open a flash drive, right-click on it and select Paste.

Now transfer your flash drive to the BartPE desktop. Use A43 to navigate to your flash drive, right-click on ftsata2.sys, select Copy.

Then navigate to c:\windows\system32\drivers, right-click in an empty space in the folder and select Paste. You should now have: c:\windows\system32\drivers\ftsata2.sys

Try to reboot your computer normally and let me know what happens.


I was able to follow all the instructions. When trying to reboot normally, I had the same problems as in the beginning (repeated attempts/failures to reboot). I turned off the "restart on system failure option", and the BSOD reads the same as in the beginning:

STOP: c000007b {Bad Image}

The application or DLL \??\C:\WINDOWS\System32\sfcfiles.dll is not a valid windows image. Please check this against your installation diskette.


Here it is:

OTL logfile created on: 12/2/2010 7:19:00 AM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = D:\OTLPE\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 713.00 Mb Available Physical Memory | 74.00% Memory free

874.00 Mb Paging File | 813.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 177.79 Gb Total Space | 115.45 Gb Free Space | 64.93% Space Free | Partition Type: NTFS

Drive D: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.92% Space Free | Partition Type: FAT

Drive J: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32

Drive X: | 156.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/10/05 19:28:12 | 001,060,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)

SRV - [2010/10/05 19:27:52 | 000,484,352 | ---- | M] () [Auto] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)

SRV - [2010/10/05 19:24:38 | 000,237,056 | ---- | M] (WDC) [Auto] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2010/08/02 21:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/02 21:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/06/11 01:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009/12/17 22:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2007/10/25 20:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

SRV - [2006/09/12 22:14:18 | 000,307,295 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)

SRV - [2005/08/03 07:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto] -- C:\WINDOWS\arservice.exe -- (ARSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | Auto] -- -- (MCSTRM)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- C:\WINDOWS\System32\DRIVERS\ivusb.sys -- (ivusb)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/11/26 03:13:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/08/02 21:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/06/17 20:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 20:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/04/29 19:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/12/17 22:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)

DRV - [2009/04/02 03:27:58 | 000,064,160 | ---- | M] (Juniper Networks) [Kernel | System] -- C:\WINDOWS\system32\drivers\NEOFLTR_600_14137.sys -- (NEOFLTR_600_14137) Juniper Networks TDI Filter Driver (NEOFLTR_600_14137)

DRV - [2009/02/13 16:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/11/21 08:37:14 | 000,064,480 | ---- | M] (Juniper Networks) [Kernel | System] -- C:\WINDOWS\system32\drivers\NEOFLTR_630_13725.sys -- (NEOFLTR_630_13725) Juniper Networks TDI Filter Driver (NEOFLTR_630_13725)

DRV - [2007/04/09 14:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2007/04/09 14:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2007/04/09 14:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)

DRV - [2006/09/12 22:14:18 | 000,109,008 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA)

DRV - [2006/06/08 02:06:58 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)

DRV - [2006/06/07 20:33:34 | 000,855,018 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)

DRV - [2006/06/07 20:29:10 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

DRV - [2006/06/07 20:28:40 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)

DRV - [2006/06/07 20:28:20 | 000,149,028 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)

DRV - [2006/06/07 20:26:52 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)

DRV - [2006/06/07 20:23:20 | 000,047,811 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)

DRV - [2005/12/12 21:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

DRV - [2005/08/29 22:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/08/14 05:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/06/29 18:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)

DRV - [2005/06/17 21:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2005/03/09 21:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/03/04 18:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2004/12/15 22:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2004/12/15 22:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/12/15 22:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2004/08/04 05:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2002/08/31 02:35:32 | 000,516,635 | ---- | M] (Digital Camera) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ca100v.sys -- (Ca100v)

DRV - [2002/07/26 22:19:48 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\HP_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

IE - HKU\Jessica_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Jessica_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Jessica_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Jessica_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?sourceid=navclient&ie=UTF-8

IE - HKU\Jessica_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Jessica_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Laura_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Laura_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Laura_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Laura_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Laura_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\Stephen_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\Stephen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Stephen_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: ([2010/07/16 01:38:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\HP_Administrator_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\HP_Administrator_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\Jessica_ON_C\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\Jessica_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\Laura_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\Stephen_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)

O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\Guest_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\HP_Administrator_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\Jessica_ON_C..\Run: [Aim6] File not found

O4 - HKU\Jessica_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\Stephen_ON_C..\Run: [Aim6] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)

O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\HP_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\Jessica_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Laura_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\Stephen_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)

O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://secure.ugi.com/CACHE/sdesktop/insta...ies/instweb.cab (CSD ActiveX Installer)

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} https://vpn.ugi.com/sre/ICSScanner.cab (ICSScanner Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} https://vpn.ugi.com/SNX/CSHELL/extender.cab (SlimClient Class)

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://24.229.34.148/viewer/activeXViewer/activexviewer.cab (Crystal Report Smart Viewer 7)

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://secure.shh.org/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/12/02 23:55:00 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - J:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004/11/02 19:04:58 | 000,000,046 | R--- | M] () - X:\autorun.inf -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/01 17:16:20 | 000,175,104 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ftsata2.sys

[2010/11/29 01:21:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010/11/29 01:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Avira

[2010/11/26 13:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Adobe

[2010/11/26 03:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Start Menu

[2010/11/25 12:41:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\PrivacIE

[2010/11/25 07:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Sun

[2010/11/25 03:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Apple Computer

[2010/11/25 03:01:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Western Digital

[2010/11/25 03:00:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Guest\IETldCache

[2010/11/24 20:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Local Settings\Application Data\Western Digital

[2010/11/09 22:04:10 | 000,000,000 | ---D | C] -- C:\.www.rs7server.com_Webclient_Cache

[2010/11/02 14:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stephen\Local Settings\Application Data\Western Digital

[2005/05/12 14:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 22:21:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/29 16:44:13 | 000,238,552 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/11/29 16:44:01 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2010/11/29 15:50:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/11/29 15:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/29 05:45:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/11/28 19:52:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/27 22:05:51 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk

[2010/11/27 21:44:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2010/11/27 21:44:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2010/11/27 20:57:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2010/11/27 20:57:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2010/11/27 20:48:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2010/11/27 20:48:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2010/11/26 19:01:31 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/26 16:31:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2010/11/26 16:31:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2010/11/26 03:13:49 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/25 06:26:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2010/11/25 06:26:59 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm

[2010/11/25 06:26:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2010/11/25 06:26:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2010/11/25 03:01:04 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Guest\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/24 22:54:44 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Microsoft Excel.lnk

[2010/11/23 21:58:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2010/11/23 21:58:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2010/11/22 21:38:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2010/11/22 21:38:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2010/11/22 21:32:32 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Stephen\Desktop\Microsoft Word.lnk

[2010/11/22 21:30:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2010/11/22 21:30:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2010/11/21 21:28:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2010/11/21 21:28:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2010/11/20 13:30:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2010/11/20 13:30:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2010/11/17 01:30:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2010/11/17 01:30:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2010/11/17 01:28:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2010/11/17 01:28:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2010/11/16 15:16:06 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/16 15:14:33 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk

[2010/11/15 22:32:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2010/11/15 22:32:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2010/11/12 22:14:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2010/11/12 22:14:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2010/11/09 23:19:27 | 000,474,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/09 23:19:27 | 000,085,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/09 21:58:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2010/11/09 21:58:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2010/11/09 03:03:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2010/11/09 03:03:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010/11/09 00:29:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2010/11/09 00:29:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2010/11/08 19:46:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2010/11/08 19:46:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2010/11/03 17:31:33 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Laura\My Documents\Encounter List View Set Up.doc

[2010/11/03 17:29:59 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Laura\My Documents\To Customize an Encounter List View.doc

[2010/11/03 16:48:28 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Laura\My Documents\Task Set Up.doc

[2010/11/03 01:57:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2010/11/03 01:57:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/25 03:06:14 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\Guest\Desktop\FMS.lnk

[2010/11/16 15:14:30 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Laura\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk

[2010/11/03 17:17:44 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Laura\My Documents\To Customize an Encounter List View.doc

[2010/11/03 03:27:42 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Laura\My Documents\Encounter List View Set Up.doc

[2010/10/31 19:34:31 | 000,238,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/10/30 16:11:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010/10/30 16:11:16 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2010/10/30 16:11:16 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2010/10/30 16:11:15 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2010/10/30 16:11:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2010/03/24 19:15:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stephen\jagex__preferences3.dat

[2010/03/20 02:54:42 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences2.dat

[2010/02/02 02:04:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll

[2010/02/02 01:55:40 | 000,000,075 | ---- | C] () -- C:\WINDOWS\TaxACT09.ini

[2010/01/26 19:45:16 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Stephen\jagex_runescape_preferences2.dat

[2009/06/01 22:46:38 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\jagex_runescape_preferences.dat

[2009/04/19 22:36:43 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/02/17 23:01:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\TaxACT08.ini

[2008/12/27 23:14:15 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\mcs.rma

[2008/12/27 23:14:15 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\24F480

[2008/12/25 21:21:26 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\mcs.rma

[2008/12/25 21:21:26 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\24F480

[2008/08/23 22:08:42 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Stephen\jagex_runescape_preferences.dat

[2008/03/24 22:03:13 | 000,000,056 | ---- | C] () -- C:\WINDOWS\TaxACT07.ini

[2008/03/03 20:47:33 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/15 20:36:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Screen Cleaner.ini

[2008/02/14 00:22:16 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll

[2008/02/14 00:21:30 | 000,000,615 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2007/11/02 20:04:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

[2007/08/12 21:36:54 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

[2007/02/21 23:40:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2007/01/20 14:06:50 | 000,000,123 | ---- | C] () -- C:\WINDOWS\TaxACT06.ini

[2007/01/05 01:54:23 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI

[2007/01/04 22:46:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll

[2007/01/04 22:46:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll

[2007/01/04 22:46:25 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll

[2007/01/04 22:46:25 | 000,014,380 | ---- | C] () -- C:\WINDOWS\Tw100.ini

[2007/01/04 22:46:25 | 000,014,118 | ---- | C] () -- C:\WINDOWS\USB_CAM.INI

[2007/01/04 22:46:25 | 000,001,722 | ---- | C] () -- C:\WINDOWS\Ca100.ini

[2007/01/04 22:46:25 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Setup504.ini

[2007/01/04 22:46:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll

[2007/01/04 22:46:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll

[2007/01/04 22:46:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll

[2006/06/07 20:52:08 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2006/05/11 18:58:23 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\G-Force Prefs (WindowsMediaPlayer).txt

[2006/04/20 00:31:55 | 000,040,596 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log

[2006/04/20 00:31:55 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini

[2006/04/20 00:31:45 | 000,003,045 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_InstantShareJPG.log

[2006/04/20 00:31:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini

[2006/04/20 00:30:38 | 000,006,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

[2006/04/20 00:30:38 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini

[2006/04/20 00:29:29 | 000,120,564 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log

[2006/04/20 00:29:29 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini

[2006/03/27 23:55:06 | 000,000,404 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-PackardHP PSC 1600 series1142644012_UI.log

[2006/03/27 23:55:06 | 000,000,316 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-PackardHP PSC 1600 series1142644012_PROTOCOL.log

[2006/03/27 23:55:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Hewlett-PackardHP PSC 1600 series1142644012_API.log

[2006/03/27 23:55:05 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2006/03/23 23:06:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat

[2006/03/23 20:53:54 | 000,000,063 | ---- | C] () -- C:\WINDOWS\eFaxView.ini

[2006/03/20 23:12:17 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\fusioncache.dat

[2006/03/19 20:40:57 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Laura\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/03/19 12:34:50 | 000,002,211 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\HPSU_48BitScanUpdate.log

[2006/03/19 12:34:50 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini

[2006/03/19 02:01:48 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Stephen\Local Settings\Application Data\fusioncache.dat

[2006/03/18 15:56:11 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini

[2006/03/18 15:38:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Laura\Local Settings\Application Data\fusioncache.dat

[2006/03/18 14:28:17 | 000,001,088 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI

[2006/03/18 14:28:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

[2006/03/18 14:28:15 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[2006/03/18 13:42:34 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/03/18 13:39:56 | 000,000,109 | ---- | C] () -- C:\WINDOWS\TaxACT05.ini

[2006/03/18 01:00:25 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat

[2005/12/03 00:21:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/12/03 00:02:13 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2005/12/02 23:57:42 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005/12/02 23:57:35 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005/12/02 23:55:33 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2005/12/02 23:52:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/12/02 23:48:06 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/12/02 23:48:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/12/02 23:48:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/12/02 23:48:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/12/02 23:48:06 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/12/02 23:48:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/12/02 23:42:51 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2005/12/02 23:41:57 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini

[2005/12/02 23:30:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/12/02 23:16:15 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/12/02 23:13:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat

[2005/12/02 23:09:57 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005/12/02 23:09:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005/12/02 23:09:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005/10/05 20:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/08/31 12:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/08/06 05:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/08/03 07:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll

[2004/08/10 12:00:00 | 001,614,848 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll

[2004/07/26 22:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2001/07/07 06:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >


Elise, I just missed your earlier message as I left for work. Here's the log you requested.

OTL logfile created on: 12/2/2010 11:56:29 AM - Run

OTLPE by OldTimer - Version 3.1.43.0 Folder = J:\OTLPE\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 803.00 Mb Available Physical Memory | 84.00% Memory free

874.00 Mb Paging File | 847.00 Mb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 177.79 Gb Total Space | 115.45 Gb Free Space | 64.93% Space Free | Partition Type: NTFS

Drive I: | 8.50 Gb Total Space | 1.12 Gb Free Space | 13.14% Space Free | Partition Type: FAT32

Drive J: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.91% Space Free | Partition Type: FAT

Drive X: | 156.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-JVC | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

Using ControlSet: ControlSet001

========== Custom Scans ==========

< MD5 for: SFCFILES.DLL >

[2004/08/10 12:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll

[2004/08/10 12:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll

[2008/04/14 00:12:05 | 001,614,848 | ---- | M] () MD5=7FF9A5391EF00ADAA21C55B4A9075FC3 -- C:\WINDOWS\system32\sfcfiles.dll

[2008/04/14 00:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll

< End of report >

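The custom scan in the log above is the whole diagnosis in four lines: the copy of sfcfiles.dll that Windows loads (system32) has the same size and timestamp as the service-pack reference copy in ServicePackFiles\i386, but a different MD5 and no company name in its version resource, while the two older backups agree with each other. That is the pattern of a file altered in place, and it is why the loader rejects it as a "Bad Image". The script below is an added example, not part of the thread or of OTL: it parses OTL's "< MD5 for: >" output, compares the live copy against the backups, and picks the replacement the same way the fix in the next post does (a backup of the same build, not the pre-service-pack copy, which would silently roll the file back). The sample lines are copied from the log above; the parsing regex is an assumption about OTL's line format drawn from those lines.

```python
import re
from dataclasses import dataclass

# Constructed sample: the "< MD5 for: SFCFILES.DLL >" custom scan lines copied from the OTLPE log above.
OTL_MD5_SCAN = r"""
< MD5 for: SFCFILES.DLL >
[2004/08/10 12:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2004/08/10 12:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/14 00:12:05 | 001,614,848 | ---- | M] () MD5=7FF9A5391EF00ADAA21C55B4A9075FC3 -- C:\WINDOWS\system32\sfcfiles.dll
[2008/04/14 00:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
"""

# One OTL MD5 line: [mtime | size | attrs | M] (company) MD5=hash -- path
# (format assumed from the sample lines above, not from OTL documentation)
LINE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [-\w]{4} \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)


@dataclass
class Md5Entry:
    mtime: str
    size: int
    company: str
    md5: str
    path: str


def parse_md5_scan(text: str) -> list:
    """Parse every MD5 line of an OTL '< MD5 for: ... >' custom scan."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Md5Entry(
                mtime=m["mtime"],
                size=int(m["size"].replace(",", "")),
                company=m["company"].strip(),
                md5=m["md5"].upper(),
                path=m["path"],
            ))
    return entries


def is_live_copy(path: str) -> bool:
    """The copy Windows loads lives in system32; dllcache and the
    service-pack folders hold reference copies."""
    p = path.lower()
    return "\\system32\\" in p and "\\dllcache\\" not in p


def assess(entries: list) -> dict:
    """Compare the live system32 copy against the backup copies and
    propose an OTL ':files' replace line when it looks tampered."""
    live = [e for e in entries if is_live_copy(e.path)]
    backups = [e for e in entries if not is_live_copy(e.path)]
    if len(live) != 1 or not backups:
        return {"suspect": False, "findings": ["need one live copy and at least one backup"],
                "replacement": None, "fix_line": None}
    live = live[0]
    findings = []
    if live.md5 not in {b.md5 for b in backups}:
        findings.append("live MD5 matches none of the backup copies")
    if not live.company:
        findings.append("live copy carries no company name (version resource missing or damaged)")
    # A safe replacement is a backup of the same build: same size and timestamp,
    # with an intact version resource.  An older pre-service-pack copy would
    # silently roll the file back, so it is not a candidate.
    candidates = [b for b in backups
                  if b.size == live.size and b.mtime == live.mtime and b.company]
    replacement = candidates[0].path if candidates else None
    fix_line = f"{live.path}|{replacement} /replace" if (findings and replacement) else None
    return {"suspect": bool(findings), "findings": findings,
            "replacement": replacement, "fix_line": fix_line}


if __name__ == "__main__":
    result = assess(parse_md5_scan(OTL_MD5_SCAN))
    for f in result["findings"]:
        print("!", f)
    if result["fix_line"]:
        print(":files")
        print(result["fix_line"])
```

The check deliberately requires both a hash mismatch against every backup and a same-build backup to copy from; a mismatch alone (for example after a hotfix that updated only the live copy) is not enough to justify overwriting a system DLL.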

No problem! The following fix ought to get you booting again. :D

Rerun OTLPE, copy/paste the following script and click Run Fix. Try to boot normally afterwards.

:files
C:\WINDOWS\system32\sfcfiles.dll|C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll /replace


Elise, it worked! I was able to boot to my desktop. I'm on my way back to work now. I won't be with my sick PC again until I return home this evening. Do you think it's fixed now, or do you suspect virus activity that we need to clean up?

Thanks,

Tom


I not only suspect it, I also see it in your logs. :D

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Log.txt in your next reply.


Here it is:

ComboFix 10-12-02.01 - HP_Administrator 12/02/2010 17:31:53.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.419 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_usnjsvc

((((((((((((((((((((((((( Files Created from 2010-11-02 to 2010-12-02 )))))))))))))))))))))))))))))))

.

2010-12-02 12:27 . 2010-12-02 12:27 -------- d-----w- C:\_OTL

2010-12-01 17:16 . 2005-06-29 18:03 175104 ----a-w- c:\windows\system32\drivers\ftsata2.sys

2010-11-29 01:21 . 2010-11-29 03:57 -------- d-----w- c:\windows\system32\NtmsData

2010-11-29 01:03 . 2010-11-29 01:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avira

2010-11-26 14:21 . 2010-09-23 23:27 10450432 ------w- c:\temp\RockboxUtility.exe

2010-11-26 13:27 . 2010-11-26 13:28 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

2010-11-25 12:41 . 2010-11-25 12:41 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE

2010-11-25 03:02 . 2010-11-25 03:02 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer

2010-11-25 03:01 . 2010-11-25 03:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Western Digital

2010-11-25 03:00 . 2010-11-25 03:00 -------- d-sh--w- c:\documents and settings\Guest\IETldCache

2010-11-24 20:02 . 2010-11-24 20:02 -------- d-----w- c:\documents and settings\Jessica\Local Settings\Application Data\Western Digital

2010-11-09 22:04 . 2010-11-09 22:06 -------- d-----w- C:\.www.rs7server.com_Webclient_Cache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-26 03:13 . 2009-07-25 11:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-18 16:23 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-10 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-10 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-05 06:13 . 2010-09-05 06:13 398744 ----a-r- c:\windows\cpnprt2.cid

2010-09-05 06:13 . 2010-09-05 06:13 398744 ------w- c:\windows\system32\cpnprt2.cid

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-04-15 1073152]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-10-5 5200384]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 NEOFLTR_600_14137;Juniper Networks TDI Filter Driver (NEOFLTR_600_14137);c:\windows\system32\drivers\NEOFLTR_600_14137.sys [4/1/2009 10:27 PM 64160]

R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [11/21/2008 3:37 AM 64480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 6:19 AM 135336]

R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/12/2006 5:14 PM 307295]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 5:32 PM 497856]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/5/2010 2:24 PM 237056]

R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [10/5/2010 2:28 PM 1060352]

R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [10/5/2010 2:27 PM 484352]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/12/2006 5:14 PM 109008]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:20 AM 135664]

S3 Ca100v;PenCam SD, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [1/4/2007 5:46 PM 516635]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/29/2010 7:54 PM 11520]

.

Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 03:16]

2010-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20]

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyServer = http=127.0.0.1:5643

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: trymedia.com

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab

DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.ugi.com/CACHE/sdesktop/install/binaries/instweb.cab

DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.ugi.com/sre/ICSScanner.cab

DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.ugi.com/SNX/CSHELL/extender.cab

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-02 17:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system.ini 285 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2040)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\windows\ARPWRMSG.EXE

c:\program files\DISC\DiscUpdMgr.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-12-02 18:09:02 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-02 23:08

ComboFix2.txt 2010-07-16 01:52

Pre-Run: 124,622,786,560 bytes free

Post-Run: 130,829,541,376 bytes free

- - End Of File - - 14ED115523BF1DC27260AEED1FB5231C


Hi again, please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Now, please launch MBAM, update it and run a full scan. Post me the resulting log.

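The single line the CF-script above removes is the one that matters in the ComboFix log: `uInternet Settings,ProxyServer = http=127.0.0.1:5643` routes every HTTP request from the user's browser through a process listening on the local machine, which is how a resident component gets to read and rewrite traffic. The `<local>` override and the catchme line `hidden files: 1` round out the picture. The script below is an added example, not part of the thread or of ComboFix: it pulls the proxy and hidden-file lines out of a ComboFix log, flags proxies that point at a loopback address, emits the `DDS::` block in the same form as the fix above, and checks a post-fix log to confirm the findings are gone. The sample lines are taken from the log above; the second sample is what those lines look like once the proxy entry is cleared. The reading of ComboFix's prefixes (`u` for the user hive, `m` for the machine hive) is my assumption from the tool's conventions.

```python
import re
import ipaddress

# Constructed samples: the relevant lines of the ComboFix log posted above
# (BEFORE) and the shape the same lines take once the proxy entry is gone (AFTER).
BEFORE = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
scanning hidden files ...
c:\windows\system.ini 285 bytes
scan completed successfully
hidden files: 1
"""

AFTER = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
scanning hidden files ...
scan completed successfully
hidden files: 0
"""

# Assumed ComboFix convention: "u" prefixes user-hive (HKCU) entries, "m" machine-hive (HKLM) ones.
PROXY_RE = re.compile(r"^(?P<hive>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S.*)$")
HIDDEN_RE = re.compile(r"^hidden files:\s*(?P<n>\d+)$")


def split_proxy_value(value: str) -> list:
    """Expand 'http=host:port;https=host:port' (or a bare 'host:port')
    into (protocol, host, port) tuples."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        out.append((proto or "*", host, int(port) if port.isdigit() else None))
    return out


def is_loopback(host: str) -> bool:
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def analyze(log_text: str) -> dict:
    """Flag loopback proxies and a non-zero catchme hidden-file count."""
    proxies, findings, hidden = [], [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            scope = "HKCU" if m["hive"] == "u" else "HKLM"
            for proto, host, port in split_proxy_value(m["value"]):
                proxies.append({"scope": scope, "proto": proto, "host": host,
                                "port": port, "raw": line})
                if is_loopback(host):
                    findings.append(f"{scope} {proto} proxy at {host}:{port} puts a local "
                                    "process in front of every browser request; review it")
            continue
        h = HIDDEN_RE.match(line)
        if h:
            hidden = int(h["n"])
    if hidden:
        findings.append(f"catchme reports {hidden} hidden file(s)")
    return {"proxies": proxies, "hidden_files": hidden, "findings": findings}


def cfscript_for(analysis: dict) -> str:
    """Build the DDS:: block ComboFix takes to clear the flagged proxy lines,
    in the same form as the fix posted above."""
    lines = [p["raw"] for p in analysis["proxies"] if is_loopback(p["host"])]
    return ("DDS::\n" + "\n".join(lines)) if lines else ""


def verify_cleaned(before: str, after: str) -> bool:
    """True when the pre-fix log had findings and the post-fix log has none."""
    b, a = analyze(before), analyze(after)
    return bool(b["findings"]) and not a["findings"]


if __name__ == "__main__":
    pre = analyze(BEFORE)
    for f in pre["findings"]:
        print("!", f)
    print(cfscript_for(pre))
    print("cleaned:", verify_cleaned(BEFORE, AFTER))
```

A loopback proxy is not malicious by definition: some local web filters and debugging proxies register one too, which is why the check reports it for review rather than deciding on its own, and why the `DDS::` block is generated from the exact log line so that nothing but the flagged entry is touched.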

All ran smoothly. Here are the logs:

ComboFix 10-12-02.01 - HP_Administrator 12/03/2010 7:15.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.447 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))

.

2010-12-02 12:27 . 2010-12-02 12:27 -------- d-----w- C:\_OTL

2010-12-01 17:16 . 2005-06-29 18:03 175104 ----a-w- c:\windows\system32\drivers\ftsata2.sys

2010-11-29 01:21 . 2010-11-29 03:57 -------- d-----w- c:\windows\system32\NtmsData

2010-11-29 01:03 . 2010-11-29 01:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Avira

2010-11-26 14:21 . 2010-09-23 23:27 10450432 ------w- c:\temp\RockboxUtility.exe

2010-11-26 13:27 . 2010-11-26 13:28 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe

2010-11-25 12:41 . 2010-11-25 12:41 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE

2010-11-25 03:02 . 2010-11-25 03:02 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer

2010-11-25 03:01 . 2010-11-25 03:01 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Western Digital

2010-11-25 03:00 . 2010-11-25 03:00 -------- d-sh--w- c:\documents and settings\Guest\IETldCache

2010-11-24 20:02 . 2010-11-24 20:02 -------- d-----w- c:\documents and settings\Jessica\Local Settings\Application Data\Western Digital

2010-11-09 22:04 . 2010-11-09 22:06 -------- d-----w- C:\.www.rs7server.com_Webclient_Cache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-26 03:13 . 2009-07-25 11:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-09-18 16:23 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2004-08-10 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2004-08-10 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2004-08-10 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-10 05:58 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-05 06:13 . 2010-09-05 06:13 398744 ----a-r- c:\windows\cpnprt2.cid

2010-09-05 06:13 . 2010-09-05 06:13 398744 ------w- c:\windows\system32\cpnprt2.cid

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-04-15 1073152]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-10-5 5200384]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 NEOFLTR_600_14137;Juniper Networks TDI Filter Driver (NEOFLTR_600_14137);c:\windows\system32\drivers\NEOFLTR_600_14137.sys [4/1/2009 10:27 PM 64160]

R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [11/21/2008 3:37 AM 64480]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 6:19 AM 135336]

R2 cpextender;Check Point SSL Network Extender;c:\program files\CheckPoint\SSL Network Extender\slimsvc.exe [9/12/2006 5:14 PM 307295]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [12/17/2009 5:32 PM 497856]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [10/5/2010 2:24 PM 237056]

R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [10/5/2010 2:28 PM 1060352]

R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [10/5/2010 2:27 PM 484352]

R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [9/12/2006 5:14 PM 109008]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 7:20 AM 135664]

S3 Ca100v;PenCam SD, WDM Video Capture;c:\windows\system32\drivers\Ca100v.sys [1/4/2007 5:46 PM 516635]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [10/29/2010 7:54 PM 11520]

.

Contents of the 'Scheduled Tasks' folder

2010-12-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 03:16]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 12:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

Trusted Zone: trymedia.com

Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://secure.ugi.com/CACHE/stc/6/binaries/vpnweb.cab

DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} - hxxps://secure.ugi.com/CACHE/sdesktop/install/binaries/instweb.cab

DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxps://vpn.ugi.com/sre/ICSScanner.cab

DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://vpn.ugi.com/SNX/CSHELL/extender.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-03 07:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(412)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2010-12-03 07:33:46

ComboFix-quarantined-files.txt 2010-12-03 12:33

ComboFix2.txt 2010-12-02 23:09

ComboFix3.txt 2010-07-16 01:52

Pre-Run: 130,892,034,048 bytes free

Post-Run: 130,845,474,816 bytes free

- - End Of File - - EBEF3560126537884CE116AAF8323F10

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

12/3/2010 9:11:26 AM

mbam-log-2010-12-03 (09-11-26).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|L:\|)

Objects scanned: 350509

Time elapsed: 1 hour(s), 32 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
