
Infected C:\cleanup.exe C:\cleanup.bat C:\zip.exe


This topic is locked
13 replies to this topic

#1 bill49miller

bill49miller

  • Members
  • 8 posts
  • OFFLINE
  • Local time: 04:38 AM

Posted 12 February 2010 - 01:12 AM

Dear Sir:

I need some help. My wife and I have three computers, a desktop running XP Pro and two HP Pavilion dv2000's also running XP
Pro. All three are infected.

In December I opened an email which appeared to be from my bank. The next time I opened my bank's web page and logged in, it did not look right to me and I closed the browser.

Soon afterwards, I realized I was infected with a trojan/virus/worm or whatever. I thought that my AVG antivirus removed it,
but the problem persists.

I took the computer to my local computer shop, where they ran the hard drive as a slave to their master, running a Computer Associates antivirus, which deleted C:\cleanup.exe and declared the computer clean. After I got it home, the problem began to reappear when I uninstalled, then reinstalled Malwarebytes, and ran it.

It is for the most part very latent, and is not detected by Microsoft's online scanner, or by AVG, or by the normal Malwarebytes scanner. But if I run the randomly named Malwarebytes .exe or GMER or RootRepeal, it will take over the computer and freeze up all operations.

It creates files named C:\cleanup.exe, C:\cleanup.bat and C:\zip.exe and alters the ServiceGroupOrder registry key.

I was unable to complete a full GMER scan as the trojan/virus/worm hijacked the computer. I copied the short immediate scan
results and attach them.

Per your instructions:
I have backed up my data onto a USB Seagate hard drive, which may or may not be infected.
I have created an account and enabled immediate email notification.
My XP firewall is enabled.
I ran Defogger to disable any CD emulation software (it found none).
I downloaded DDS and below is the text.
I downloaded GMER, and I attach the short immediate scan results, but the virus hijacked the computer during the long scan and it did not complete.

Thank you for any help you are able to give. I am at the end of my abilities.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Bill at 18:06:06.76 on Thu 02/11/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.994 [GMT -8:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Bill\Desktop\fixinMB\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bill\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk
mWindow Title =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [Six Engine] "c:\program files\asus\epu\EPU.exe" -r
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\documents and settings\bill\desktop\fixinmb\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ralink~1.lnk - c:\program files\ralink\common\RaUI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_18.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262482328250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257913800125
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://totalinvestmentmanagement.webex.com/client/T26L/nbr/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2007-9-13 115973]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-1-9 11448]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-19 163280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-19 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-19 40384]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2002-9-20 53248]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RalinkRegistryWriter.exe [2010-1-2 69632]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-19 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-19 40384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-2-10 38224]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
R3 PIAFCTM;NetworkActiv PIAFCTM Packet Driver Miniport;c:\windows\system32\drivers\PIAFCTM.sys [2008-4-29 15488]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-15 993280]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-19 133104]
S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\drivers\sharshtl.sys [2005-7-25 18432]
S3 CA_LIC_CLNT;CA License Client;c:\program files\ca\sharedcomponents\ca_lic\lic98rmt.exe [2002-9-20 77824]
S3 CA_LIC_SRVR;CA License Server;c:\program files\ca\sharedcomponents\ca_lic\lic98rmtd.exe [2002-9-20 77824]
S3 epstw2k;SCM Parallel Port SCSI Driver;c:\windows\system32\drivers\epstw2k.sys [2001-8-17 114944]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TMSPPCI;PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2005-6-30 19440]
S3 TMSPPCIP;PCI Multi I/O Parallel Port Driver;c:\windows\system32\drivers\snxppal.sys [2005-6-30 23408]

=============== Created Last 30 ================

2010-02-12 01:48:17 0 ----a-w- c:\documents and settings\bill\defogger_reenable
2010-02-10 19:00:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 19:00:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-10 18:46:05 19286 ----a-w- C:\cleanup.exe
2010-02-10 18:46:05 135168 ----a-w- C:\zip.exe
2010-02-06 11:26:21 574 ----a-w- C:\cleanup.bat
2010-02-05 14:22:48 0 ------w- C:\dir
2010-02-04 07:51:55 1878212608 ------w- c:\windows\MEMORY.DMP
2010-02-04 04:46:14 0 d-----w- c:\program files\Abto LLC
2010-02-04 04:19:12 0 d-----w- c:\program files\Unlocker
2010-01-23 00:29:58 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-01-23 00:13:12 0 d-----w- c:\windows\system32\XPSViewer
2010-01-23 00:09:50 0 d-----w- c:\docume~1\bill\applic~1\Windows Desktop Search
2010-01-23 00:07:04 0 d-----w- c:\windows\system32\URTTemp
2010-01-21 21:55:50 148135 ------w- C:\MGlogs.zip
2010-01-21 21:55:49 0 d-----w- C:\MGtools
2010-01-21 19:02:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-21 19:02:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-21 19:02:35 0 d-----w- c:\docume~1\bill\applic~1\SUPERAntiSpyware.com
2010-01-21 07:32:17 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-20 03:36:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-19 18:03:15 0 d-----w- c:\docume~1\bill\applic~1\Malwarebytes
2010-01-19 18:03:09 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-19 18:03:08 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 17:09:20 98816 ------w- c:\windows\sed.exe
2010-01-19 17:09:20 77312 ------w- c:\windows\MBR.exe
2010-01-19 17:09:20 261632 ------w- c:\windows\PEV.exe
2010-01-19 17:09:20 161792 ------w- c:\windows\SWREG.exe
2010-01-19 01:00:51 42577 -c----w- c:\windows\system32\dllcache\bckgzm.exe
2010-01-18 22:47:51 0 d-----w- c:\program files\Microsoft Easy Assist
2010-01-18 22:47:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications
2010-01-18 21:38:35 0 d-----w- c:\docume~1\bill\applic~1\Windows Search
2010-01-18 18:43:09 0 d-----w- C:\4fab339f562616c245c8e97803794d12
2010-01-18 18:43:05 0 d-----w- C:\0d81ea61538dd6c01fd2cd91fd18
2010-01-18 18:11:35 0 d-----w- C:\2ec86b16eac5014203e260e74dab3e
2010-01-18 07:07:45 3426072 ------w- c:\windows\system32\d3dx9_32.dll
2010-01-18 07:07:40 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-18 07:06:34 0 d-----w- c:\program files\Microsoft
2010-01-18 06:58:32 0 d-----w- c:\program files\common files\Windows Live
2010-01-18 05:56:18 0 d-----w- c:\program files\CONEXANT
2010-01-18 05:44:51 0 d-----w- c:\program files\Windows Desktop Search
2010-01-18 05:43:08 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-01-18 05:43:08 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-01-18 05:43:08 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-01-16 08:05:44 0 d-----w- C:\$AVG
2010-01-16 08:05:03 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-16 06:02:26 0 d-----w- c:\program files\ATI Technologies
2010-01-16 05:46:40 529 ------r- c:\windows\system32\ATIODCLI.exe.manifest
2010-01-16 05:46:40 527 ------r- c:\windows\system32\ATIODE.exe.manifest
2010-01-16 05:46:39 307200 ------r- c:\windows\system32\atiiiexx.dll
2010-01-16 05:46:38 7167 ------r- c:\windows\system32\atifglpf.xml
2010-01-16 05:46:38 425984 ------r- c:\windows\system32\ATIDEMGX.dll
2010-01-16 05:46:34 887724 ------r- c:\windows\system32\ativva6x.dat
2010-01-16 05:46:33 3107788 ------r- c:\windows\system32\ativvaxx.dat
2010-01-16 05:46:33 3107788 ------r- c:\windows\system32\ativva5x.dat
2010-01-16 05:46:33 176214 ------r- c:\windows\system32\atiicdxx.dat
2010-01-15 04:21:49 319488 ------w- c:\windows\HideWin.exe
2010-01-15 03:59:38 229376 ------w- c:\windows\system32\drivers\ati2cqag.dll

==================== Find3M ====================

2010-01-20 17:51:11 574976 ------w- c:\windows\system32\drivers\ntfs.old
2010-01-10 18:02:22 128965 ------w- c:\windows\hpwins10.dat
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2010-01-03 07:24:35 102890 ------w- c:\windows\hpqins07.dat
2010-01-03 00:16:32 21361 ------w- c:\windows\system32\drivers\AegisP.sys
2010-01-03 00:16:31 376832 ------w- c:\windows\system32\AegisI5Installer.exe
2010-01-02 21:30:27 23392 ------w- c:\windows\system32\emptyregdb.dat
2009-12-18 01:14:00 411368 ------w- c:\windows\system32\deploytk.dll
2008-03-22 05:03:40 2 --sh-tr- c:\windows\winstart.bat

============= FINISH: 18:06:22.54 ===============




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-11 19:54:05
Windows 5.1.2600 Service Pack 3
Running: g,m,e,r.exe; Driver: C:\DOCUME~1\Bill\LOCALS~1\Temp\kfryyaob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA71DF52A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA71DF34E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA71DF488]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/06 04:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7685000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA324F000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771dc78

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771db34

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771e0e8

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771e012

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771d70a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771dc0e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771d64a

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771d6ae

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771dd2e

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771e1b6

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771dcee

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa771de6e


I also suspect that the following registry keys and values have been changed:

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache | @"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE",-208
value data = Write Document

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder | List
value data =
System Reserved
Boot Bus Extender
System Bus Extender
SCSI miniport
Port
Primary Disk
SCSI Class
SCSI CDROM Class
FSFilter Infrastructure
FSFilter System
FSFilter Bottom
FSFilter Copy Protection
FSFilter Security Enhancer
FSFilter Open File
FSFilter Physical Quota Management
FSFilter Encryption
FSFilter Compression
FSFilter HSM
FSFilter Cluster File System
FSFilter System Recovery
FSFilter Quota Management
FSFilter Content Screener
FSFilter Continuous Backup
FSFilter Replication
FSFilter Anti-Virus
FSFilter Undelete
FSFilter Activity Monitor
FSFilter Top
Filter
Boot File System
Base
Pointer Port
Keyboard Port
Pointer Class
Keyboard Class
Video Init
Video
Video Save
File System
Event Log
Streams Drivers
NDIS Wrapper
COM Infrastructure
UIGroup
LocalValidation
PlugPlay
PNP_TDI
NDIS
TDI
NetBIOSGroup
ShellSvcGroup
SchedulerGroup
SpoolerGroup
AudioGroup
SmartCardGroup
NetworkProvider
RemoteValidation
NetDDEGroup
Parallel arbitrator
Extended Base
PCI Configuration
MS Transactions

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder | List
value data = (identical to the ControlSet001 list above)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\ServiceGroupOrder | List
value data = (identical to the ControlSet001 list above)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder | List
value data = (identical to the ControlSet001 list above)






Attached Files
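An added triage example, not part of the original post and not a DDS or BleepingComputer tool: it parses lines in the shape of the DDS "Created Last 30" section above, flags executables and scripts written directly into a drive root (C:\cleanup.exe, C:\cleanup.bat, C:\zip.exe), and groups files created in the same second, which is how C:\cleanup.exe and C:\zip.exe appear in the log. The sample lines are constructed to mirror the log's format so the script runs offline.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Constructed sample in the DDS "Created Last 30" line format (timestamp, size, attributes, path).
# It mirrors the shape of the log above so the script runs offline; it is not the original log.
SAMPLE_DDS = """\
=============== Created Last 30 ================

2010-02-10 18:46:05 19286 ----a-w- C:\\cleanup.exe
2010-02-10 18:46:05 135168 ----a-w- C:\\zip.exe
2010-02-06 11:26:21 574 ----a-w- C:\\cleanup.bat
2010-02-05 14:22:48 0 ------w- C:\\dir
2010-02-04 04:19:12 0 d-----w- c:\\program files\\Unlocker
2010-01-19 17:09:20 98816 ------w- c:\\windows\\sed.exe
2010-01-19 17:09:20 77312 ------w- c:\\windows\\MBR.exe
"""

# One DDS entry: "YYYY-MM-DD HH:MM:SS <size> <8-char attribute field> <path>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-A-Za-z]{8})\s+(.+)$")

# Extensions that execute or get loaded; a binary or script at the drive root is unusual for a user.
EXEC_EXT = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".dll", ".sys", ".vbs", ".js"}

# "C:\name" with no further path component, i.e. written directly into the drive root.
ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: int
    attrs: str  # DDS attribute string, e.g. "----a-w-" (file) or "d-----w-" (directory)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_created_section(text: str) -> List[Entry]:
    """Parse every line that has the DDS entry shape; section headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(size), attrs, path))
    return entries


def root_drops(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) with an executable extension written directly into a drive root."""
    return [
        e for e in entries
        if not e.is_dir and ROOT_RE.match(e.path) and ntpath.splitext(e.path)[1].lower() in EXEC_EXT
    ]


def same_second_clusters(entries: List[Entry], min_files: int = 2) -> Dict[datetime, List[Entry]]:
    """Group files by exact creation second.

    Several files landing in the same second is what a dropper unpacking its payload looks like
    (C:\\cleanup.exe and C:\\zip.exe above share one timestamp). Installers do the same, so a
    cluster is a lead to review against what the user installed that day, not a verdict.
    """
    by_ts: Dict[datetime, List[Entry]] = defaultdict(list)
    for e in entries:
        if not e.is_dir:
            by_ts[e.created].append(e)
    return {ts: files for ts, files in by_ts.items() if len(files) >= min_files}


def triage(text: str) -> dict:
    """Run both checks and return plain strings so the result is easy to print or assert on."""
    entries = parse_created_section(text)
    return {
        "root_drops": [e.path for e in root_drops(entries)],
        "clusters": {
            ts.strftime("%Y-%m-%d %H:%M:%S"): [e.path for e in files]
            for ts, files in sorted(same_second_clusters(entries).items())
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_DDS), indent=2))
```

Paste the real "Created Last 30" section in place of the sample to run it against a posted log; the c:\windows cluster in the sample shows why a same-second group still needs a human to check what was installed at that time.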




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender: Male
  • Location: Pickerington, Ohio
  • Local time: 07:38 AM

Posted 12 February 2010 - 05:35 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 bill49miller

bill49miller
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time: 04:38 AM

Posted 14 February 2010 - 08:03 PM

Hello Sam,

I think I did not properly submit my first reply as it did not show up on this post. Please be patient. I am learning.

First, I have three infected computers, a desktop and two HP Pavilion laptops.
The desktop monitor stopped displaying and it would not even boot from the Windows XP cd. I dropped it off at the local computer shop.
I have since learned that I could probably have removed the ASUS motherboard battery, allowed the BIOS to reset itself,
and probably been back running again.

I am typing this reply on my infected HP Pavilion laptop. If you are willing we can deal with this one now, and get to the desktop
after I pick it up on or after Wednesday, Feb 17.

Here is the ComboFix log and the DDS.txt and the Ark.txt (GMER) and the Attach.zip:



ComboFix 10-02-12.01 - William Miller 02/12/2010 21:06:44.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.491 [GMT -8:00]
Running from: c:\documents and settings\William Miller\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\COMCTL32.OCA

.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-13 05:05 . 2010-02-13 05:05 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Application Data\AVG9
2010-02-05 07:39 . 2010-02-05 07:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-05 07:24 . 2010-02-05 07:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-02-05 06:28 . 2010-02-05 06:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-05 04:23 . 2010-02-05 04:23 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Application Data\SUPERAntiSpyware.com
2010-02-05 04:14 . 2010-02-05 04:14 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Application Data\Malwarebytes
2010-02-05 04:14 . 2010-01-08 00:07 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 04:14 . 2010-01-08 00:07 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-02-05 04:10 . 2010-02-05 04:10 -------- d-sh--w- c:\documents and settings\William Miller.PC201571947580\PrivacIE
2010-02-05 01:55 . 2010-02-05 01:55 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Local Settings\Application Data\Mozilla
2010-02-05 01:19 . 2010-02-05 01:19 -------- d-----w- c:\documents and settings\William Miller\William Miller
2010-02-04 22:08 . 2003-10-02 22:09 45056 ------w- c:\documents and settings\William Miller.PC201571947580\Application Data\Intuit\Quicken\Config\imveng.dll
2010-02-04 22:05 . 2010-02-04 22:05 28051 ------w- C:\backup.reg
2010-02-04 21:43 . 2010-02-04 21:51 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
2010-02-03 18:00 . 2010-02-03 18:00 52224 ------w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-03 18:00 . 2010-02-04 01:02 117760 ------w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-03 17:32 . 2010-02-03 17:32 61440 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-234ef6be-n\decora-sse.dll
2010-02-03 17:32 . 2010-02-03 17:32 503808 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\msvcp71.dll
2010-02-03 17:32 . 2010-02-03 17:32 499712 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\jmc.dll
2010-02-03 17:32 . 2010-02-03 17:32 348160 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\msvcr71.dll
2010-02-03 17:32 . 2010-02-03 17:32 12800 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-234ef6be-n\decora-d3d.dll
2010-02-03 17:00 . 2010-02-03 17:00 -------- d-----w- c:\documents and settings\William Miller\Application Data\Yahoo!
2010-02-03 17:00 . 2010-02-03 17:50 -------- d-----w- c:\program files\Yahoo!
2010-02-03 17:00 . 2010-02-03 17:00 -------- d-----w- c:\program files\CCleaner
2010-02-03 10:28 . 2010-02-03 10:30 -------- d-----w- C:\!aM anti-Malware
2010-02-01 06:01 . 2010-02-01 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 06:01 . 2010-02-05 04:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 06:01 . 2010-02-01 06:01 -------- d-----w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com
2010-02-01 05:23 . 2010-02-01 05:23 -------- d--h--w- c:\windows\PIF
2010-01-26 08:26 . 2010-01-26 08:26 56 ---h--w- c:\windows\system32\ezsidmv.dat
2010-01-26 08:26 . 2010-01-31 00:30 -------- d-----w- c:\documents and settings\William Miller\Application Data\skypePM
2010-01-26 08:14 . 2010-01-31 04:07 -------- d-----w- c:\documents and settings\William Miller\Application Data\Skype
2010-01-26 08:10 . 2010-01-26 08:10 -------- d-----w- c:\program files\Common Files\Skype
2010-01-26 08:10 . 2010-01-26 08:11 -------- d-----r- c:\program files\Skype
2010-01-26 08:10 . 2010-01-26 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-26 03:38 . 2008-04-13 18:45 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-26 03:38 . 2008-04-13 18:45 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-23 06:43 . 2010-02-03 10:49 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-23 01:17 . 2010-01-23 01:17 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-23 01:09 . 2010-01-23 01:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-23 01:00 . 2010-01-23 01:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-23 00:43 . 2010-01-23 01:03 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-23 00:43 . 2010-01-23 00:43 -------- d-----w- c:\windows\system32\GroupPolicy
2010-01-23 00:40 . 2010-01-23 00:41 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-21 18:07 . 2003-03-29 23:45 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-01-21 18:07 . 2001-06-26 15:15 38912 ------w- c:\windows\system32\picn20.dll
2010-01-21 18:07 . 2001-07-07 01:24 283920 ------w- c:\windows\system32\ImagXpr5.dll
2010-01-21 18:07 . 2001-07-06 21:41 569344 ------w- c:\windows\system32\imagr5.dll
2010-01-21 18:07 . 2001-07-06 19:44 544768 ------w- c:\windows\system32\imagx5.dll
2010-01-21 18:07 . 2010-01-21 18:07 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-21 18:07 . 2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe
2010-01-21 18:06 . 2010-01-21 18:07 -------- d-----w- c:\program files\Ahead
2010-01-21 02:51 . 2010-01-21 02:51 -------- d-----w- c:\program files\Smart Projects
2010-01-20 21:14 . 2010-01-20 23:42 -------- d-----w- C:\SP2
2010-01-20 21:12 . 2010-01-21 00:10 -------- d-----w- C:\XP
2010-01-19 19:02 . 2010-01-19 19:02 -------- d-----w- c:\documents and settings\William Miller\Application Data\Malwarebytes
2010-01-19 19:02 . 2010-01-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-19 19:02 . 2010-02-05 04:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:08 . 2010-01-19 15:08 -------- d-----w- c:\program files\Access Manager
2010-01-19 14:54 . 2010-01-19 14:54 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 04:23 . 2008-12-20 21:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-05 04:05 . 2006-10-16 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-02-04 01:00 . 2006-11-12 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-03 17:32 . 2006-10-16 04:15 -------- d-----w- c:\program files\Common Files\Java
2010-02-03 17:31 . 2009-02-24 01:28 411368 ------w- c:\windows\system32\deploytk.dll
2010-02-03 17:31 . 2006-10-16 04:15 -------- d-----w- c:\program files\Java
2010-01-31 00:45 . 2009-03-01 17:19 -------- d-----w- c:\documents and settings\William Miller\Application Data\MailWasherPro
2010-01-29 05:39 . 2007-03-05 02:12 -------- d-----w- c:\program files\Google
2010-01-23 00:44 . 2009-02-23 04:34 -------- d-----w- c:\documents and settings\William Miller\Application Data\Windows Desktop Search
2010-01-23 00:42 . 2006-10-16 06:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-23 00:25 . 2009-02-23 04:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 00:55 . 2009-02-22 22:45 -------- d-----w- c:\program files\MSECache
2010-01-19 18:48 . 2006-10-16 06:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 03:51 . 2006-11-12 11:15 -------- d-----w- c:\program files\sortabid2000
2009-12-31 16:50 . 2005-05-10 08:17 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-03-16 04:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-16 04:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2005-01-19 12:26 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 16:33 . 2006-10-16 05:22 102464 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 16:32 . 2009-04-10 18:30 360584 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 16:32 . 2009-04-10 18:30 333192 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 16:32 . 2009-04-10 18:30 28424 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 16:32 . 2009-04-10 18:30 12464 ------w- c:\windows\system32\avgrsstx.dll
2009-11-27 17:11 . 2006-03-16 04:00 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2005-08-30 12:13 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2006-03-16 04:00 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-03-16 04:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2006-03-16 04:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-03-16 04:00 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2006-03-16 04:00 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-24 01:31 . 2009-11-24 01:31 152576 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 01:30 . 2009-11-24 01:30 79488 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2006-03-16 04:00 471552 ------w- c:\windows\AppPatch\aclayers.dll
2009-08-05 14:38 . 2006-12-07 23:17 67688 ------w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-05 14:38 . 2006-12-07 23:17 54368 ------w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-05 14:38 . 2006-12-07 23:17 34944 ------w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-05 14:38 . 2006-12-07 23:17 46712 ------w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-05 14:38 . 2006-12-07 23:17 172136 ------w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-11-01 11:38 . 2006-11-01 12:38 22 -csh--w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-04_00.28.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-12 21:44 . 2010-02-12 21:44 16384 c:\windows\temp\Perflib_Perfdata_7f8.dat
- 2009-02-27 20:53 . 2009-12-13 21:26 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-27 20:53 . 2010-02-12 21:48 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-02-24 03:50 . 2009-02-24 13:48 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2006-03-16 04:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2006-03-16 04:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2009-11-11 23:24 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2009-01-08 02:20 . 2009-01-08 02:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-08 02:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-11-11 23:24 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-02-24 03:50 . 2009-02-24 13:48 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2006-11-12 09:53 . 2010-02-05 04:16 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
- 2006-11-12 09:53 . 2009-02-24 13:48 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2009-11-11 23:24 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-24 13:20 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-27 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-21 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk.disabled [2006-11-11 818]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk.disabled [2010-1-22 1787]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2009 10:30 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2009 10:30 AM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/28/2009 8:32 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/28/2009 8:32 AM 285392]

--- Other Services/Drivers In Memory ---

*Deregistered* - pwrorpow
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:46]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:46]

2010-02-13 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 21:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????d????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-12 21:15:17
ComboFix-quarantined-files.txt 2010-02-13 05:15
ComboFix2.txt 2010-02-05 04:43
ComboFix3.txt 2010-02-04 00:49
ComboFix4.txt 2010-02-04 00:30

Pre-Run: 30,844,502,016 bytes free
Post-Run: 30,824,194,048 bytes free

- - End Of File - - 86BD774FA2383DBC960DC47CFD1E6E3C
DDS.txt follows:


DDS (Ver_09-12-01.01) - NTFSx86
Run by William Miller at 18:22:56.39 on Fri 02/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.368 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\William Miller\Desktop\HijackThis(2).exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\William Miller\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
mWindow Title =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\willia~1\startm~1\programs\startup\vongot~1.lnk - c:\program files\vongo\Tray.exe
StartupFolder: c:\documents and settings\william miller\start menu\programs\startup\Vongo Tray.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Pavilion Webcam Tray Icon.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Search.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700}
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257975053430
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://totalinvestmentmanagement.webex.com/client/T27L/nbr/ieatgpc.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-10 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-10 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-10 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-28 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-28 285392]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

=============== Created Last 30 ================

2010-02-13 02:16:04 0 ----a-w- c:\documents and settings\william miller.pc201571947580\defogger_reenable
2010-02-05 04:23:40 0 d-----w- c:\docume~1\willia~1.pc~\applic~1\SUPERAntiSpyware.com
2010-02-05 04:14:30 0 d-----w- c:\docume~1\willia~1.pc~\applic~1\Malwarebytes
2010-02-05 04:14:24 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 04:14:21 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-02-05 04:10:58 0 d-sh--w- c:\documents and settings\william miller.pc201571947580\PrivacIE
2010-02-05 01:54:28 39 ----a-w- C:\XP_TV.ini
2010-02-04 22:09:55 0 d-sh--w- c:\documents and settings\william miller.pc201571947580\IETldCache
2010-02-04 22:07:54 178 --sh--w- c:\documents and settings\william miller.pc201571947580\ntuser.ini
2010-02-04 22:07:54 0 d-----w- c:\docume~1\willia~1.pc~\applic~1\Intuit
2010-02-04 22:05:29 28051 ------w- C:\backup.reg
2010-02-04 00:40:45 0 d-sh--r- C:\cmdcons
2010-02-04 00:16:24 98816 ------w- c:\windows\sed.exe
2010-02-04 00:16:24 77312 ------w- c:\windows\MBR.exe
2010-02-04 00:16:24 261632 ------w- c:\windows\PEV.exe
2010-02-04 00:16:24 161792 ------w- c:\windows\SWREG.exe
2010-02-03 17:31:53 73728 ------w- c:\windows\system32\javacpl.cpl
2010-02-03 17:00:52 0 d-----w- c:\program files\Yahoo!
2010-02-03 17:00:48 0 d-----w- c:\program files\CCleaner
2010-02-03 10:28:53 0 d-----w- C:\!aM anti-Malware
2010-02-01 06:01:48 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-01 06:01:35 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 05:23:18 0 d--h--w- c:\windows\PIF
2010-01-26 08:26:29 56 ---h--w- c:\windows\system32\ezsidmv.dat
2010-01-26 08:10:54 0 d-----r- c:\program files\Skype
2010-01-26 03:38:55 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-26 03:38:55 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-23 01:17:08 0 d-----w- c:\program files\common files\Windows Live
2010-01-23 00:43:58 0 d-----w- c:\windows\system32\GroupPolicy
2010-01-23 00:43:58 0 d-----w- c:\program files\Windows Desktop Search
2010-01-21 18:07:22 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-01-21 18:07:22 57344 ------w- c:\windows\system32\ImageDrive.cpl
2010-01-21 18:07:04 38912 ------w- c:\windows\system32\picn20.dll
2010-01-21 18:07:03 569344 ------w- c:\windows\system32\imagr5.dll
2010-01-21 18:07:03 544768 ------w- c:\windows\system32\imagx5.dll
2010-01-21 18:07:03 283920 ------w- c:\windows\system32\ImagXpr5.dll
2010-01-21 18:07:01 155648 ------w- c:\windows\system32\NeroCheck.exe
2010-01-20 21:14:57 0 d-----w- C:\SP2
2010-01-20 21:12:00 0 d-----w- C:\XP
2010-01-19 19:02:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-19 19:02:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:08:28 0 d-----w- c:\program files\Access Manager
2010-01-19 14:54:04 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

==================== Find3M ====================

2010-02-03 17:31:34 411368 ------w- c:\windows\system32\deploytk.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-28 16:32:45 12464 ------w- c:\windows\system32\avgrsstx.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:07:34 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 15:51:04 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2006-11-01 11:38:32 22 -csh--w- c:\windows\sminst\HPCD.sys
2009-02-23 01:37:42 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-02-23 01:36:56 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022220090223\index.dat

============= FINISH: 18:23:59.26 ===============
Ark.txt follows:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-12 17:50:23
Windows 5.1.2600 Service Pack 3
Running: dtnbe6cy.exe; Driver: C:\DOCUME~1\WILLIA~1.PC~\LOCALS~1\Temp\pwrorpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----



If this helps, I tried Fix-Vundo and it generated this report earlier:

Symantec Trojan.Vundo Removal Tool 1.5.1

C:\18fe25d5e604e18a73\amd64: (not scanned)
C:\18fe25d5e604e18a73\i386: (not scanned)
C:\3e8763464a682625f4392760bb3a0b\update: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1025: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1028: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1029: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1030: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1031: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1032: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1033: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1035: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1036: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1037: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1038: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1040: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1041: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1042: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1043: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1044: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1045: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1046: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1049: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1053: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\1055: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\2052: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\2070: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\3076: (not scanned)
C:\f7ef0820c1b4763b6f6f6c3bcc3e24a7\3082: (not scanned)
C:\Program Installers\Easy CD Creator 6\Roxio Easy CD Creator Platinum v5.3.2.34.Retail\Update.????: (not scanned)
C:\System Volume Information: (not scanned)
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: (not scanned)
C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: (not scanned)
Trojan.Vundo has not been found on your computer.

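The GMER "Devices" section above lists the filter drivers attached to each device stack (the TCP/IP devices, the keyboard class device, the FAT file system). What a helper usually wants from that section is a per-stack view and a diff against a later run, so a filter that appears between scans stands out. The following is an added example, not code from the original post and not part of GMER: a small Python parser for those lines that groups filter files by device stack, flags any line printed without a description/vendor pair, and diffs two runs. The sample input is copied from the quick-scan log above; the `zzfilter.sys` line is a constructed, made-up name added only to exercise the no-vendor branch, and treating a missing vendor field as "could not be identified" is an assumption about GMER's output format, not something documented on this page.

```python
import re
from collections import defaultdict

# One GMER "Devices" line has the shape
#   AttachedDevice <driver object> <device object> <file> (<description>/<vendor>)
# Assumption (not documented on this page): the parenthesised part is absent
# when GMER could not read a version resource from the driver file.
_LINE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)"
    r"(?:\s+\((?P<desc>[^/]*)/(?P<vendor>.*)\))?\s*$"
)

# Copied verbatim from the GMER quick scan posted above.
QUICK_SCAN = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----
"""

# Constructed: the same scan plus one extra keyboard filter (zzfilter.sys is a
# made-up name) for which GMER printed no description/vendor pair.
SUSPECT_SCAN = QUICK_SCAN + "AttachedDevice \\Driver\\Kbdclass \\Device\\KeyboardClass0 zzfilter.sys\n"


def parse_devices(text):
    """Return one dict per AttachedDevice line; unmatched fields are None."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def stacks(entries):
    """Map each device object to its filter files, in the order GMER listed them."""
    by_device = defaultdict(list)
    for e in entries:
        by_device[e["device"]].append(e["file"])
    return dict(by_device)


def unidentified(entries):
    """Filter files that GMER listed without a description/vendor pair."""
    return sorted({e["file"] for e in entries if e["vendor"] is None})


def diff_scans(old, new):
    """(added, removed) lists of (device, file) pairs between two GMER runs."""
    before = {(e["device"], e["file"]) for e in old}
    after = {(e["device"], e["file"]) for e in new}
    return sorted(after - before), sorted(before - after)


if __name__ == "__main__":
    base = parse_devices(QUICK_SCAN)
    later = parse_devices(SUSPECT_SCAN)
    for device, files in stacks(later).items():
        print(device, "->", " > ".join(files))
    print("no vendor string:", unidentified(later))
    added, removed = diff_scans(base, later)
    print("new since last scan:", added, "gone:", removed)
```

Running this against the two GMER runs on this page (the quick scan above and the later full scan) gives an empty diff and no unidentified entries: the two keyboard filters, SynTP.sys and eabfiltr.sys, appear in both runs with the same vendor strings, which is the first check to make before treating either as the loader of a hidden process.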

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:38 AM

Posted 15 February 2010 - 02:29 AM

I'll be glad to help you with your other computers as well, but you will need to open separate topics for each one. To avoid confusion it's important that you only post logs and info for one computer in this topic.

From reviewing your logs I don't see any indications of an active infection.
What problems/issues are you having with this computer currently?

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 bill49miller

bill49miller
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:38 AM

Posted 17 February 2010 - 01:16 PM

Sam,

There is definitely a hidden process going on.

The hidden process re-creates the files C:\cleanup.exe, C:\cleanup.bat, and C:\zip.exe

Until I ran ComboFix a second time:
The hidden process prevented GMER from doing a complete scan. It crashed the computer with a blue screen when GMER got to the files scan.

The hidden process prevented RootRepeal from doing a scan once I selected "Hidden Services". It just froze the program.
But check out the incomplete report for the hidden drivers in the RootRepeal report:
dump_nvata.sys (if this driver is replaced by a dummy with Avenger, another identically named one will replace it on next boot)
dump_WMILIB.SYS (if this driver is replaced by a dummy with Avenger, another identically named one will replace it on next boot)
ihocebx.sys (if this driver is replaced by a dummy with Avenger, another randomly named one will replace it on next boot)
pwrorpow.sys (I do not know about this one, except that it is hidden)

When I attempt to run Malwarebytes, I get a window: error code 707 (3, 0). This is with the randomly named downloaded mbam.exe.

Please check out the RootRepeal report below the ComboFix one. RootRepeal did a complete scan after I ran ComboFix.

Please check out the complete GMER scan, which ran smoothly and completely after I ran ComboFix. It shows something loading before the drivers.

Lastly, I included an HJT log here. I do not know if it will help, but I thought it could not hurt.


During the second run of ComboFix, ComboFix stalled at step 6a with the message:
"The program cannot access the file because it is being used by another process"
but after I closed the message window the ComboFix program continued. Something may be preventing proper implementation of ComboFix step 6a.

I strongly suspect that at least part of the hidden process is loading through the drivers SynTP.sys (laptop touchpad) and eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.). But if I use Avenger to replace the keypad drivers with a dummy, how will I reboot or control the computer?

Sam, I appreciate your help. Thank you,

Bill




Here is the new ComboFix.txt:
ComboFix 10-02-12.01 - William Miller 02/17/2010 0:26.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.532 [GMT -8:00]
Running from: c:\documents and settings\William Miller\Desktop\omboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 06:48 . 2010-02-17 06:48 574 ----a-w- C:\cleanup.bat
2010-02-17 06:48 . 2010-02-17 06:48 135168 ----a-w- C:\zip.exe
2010-02-17 06:46 . 2010-02-17 06:47 -------- d-----w- c:\program files\RootRepeal
2010-02-13 22:43 . 2010-02-13 22:43 -------- d-----w- c:\windows\system32\NtmsData
2010-02-13 05:05 . 2010-02-13 05:05 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Application Data\AVG9
2010-02-05 07:39 . 2010-02-05 07:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-05 07:24 . 2010-02-05 07:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-02-05 06:28 . 2010-02-05 06:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-05 04:23 . 2010-02-05 04:23 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Application Data\SUPERAntiSpyware.com
2010-02-05 04:14 . 2010-02-05 04:14 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Application Data\Malwarebytes
2010-02-05 04:14 . 2010-01-08 00:07 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 04:14 . 2010-01-08 00:07 19160 ------w- c:\windows\system32\drivers\mbam.sys
2010-02-05 04:10 . 2010-02-05 04:10 -------- d-sh--w- c:\documents and settings\William Miller.PC201571947580\PrivacIE
2010-02-05 01:55 . 2010-02-05 01:55 -------- d-----w- c:\documents and settings\William Miller.PC201571947580\Local Settings\Application Data\Mozilla
2010-02-05 01:19 . 2010-02-05 01:19 -------- d-----w- c:\documents and settings\William Miller\William Miller
2010-02-04 22:08 . 2003-10-02 22:09 45056 ------w- c:\documents and settings\William Miller.PC201571947580\Application Data\Intuit\Quicken\Config\imveng.dll
2010-02-04 22:05 . 2010-02-04 22:05 28051 ------w- C:\backup.reg
2010-02-04 21:43 . 2010-02-04 21:51 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
2010-02-03 18:00 . 2010-02-03 18:00 52224 ------w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-03 18:00 . 2010-02-04 01:02 117760 ------w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-03 17:32 . 2010-02-03 17:32 61440 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-234ef6be-n\decora-sse.dll
2010-02-03 17:32 . 2010-02-03 17:32 503808 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\msvcp71.dll
2010-02-03 17:32 . 2010-02-03 17:32 499712 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\jmc.dll
2010-02-03 17:32 . 2010-02-03 17:32 348160 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\msvcr71.dll
2010-02-03 17:32 . 2010-02-03 17:32 12800 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-234ef6be-n\decora-d3d.dll
2010-02-03 17:00 . 2010-02-03 17:00 -------- d-----w- c:\documents and settings\William Miller\Application Data\Yahoo!
2010-02-03 17:00 . 2010-02-03 17:50 -------- d-----w- c:\program files\Yahoo!
2010-02-03 17:00 . 2010-02-03 17:00 -------- d-----w- c:\program files\CCleaner
2010-02-03 10:28 . 2010-02-03 10:30 -------- d-----w- C:\!aM anti-Malware
2010-02-01 06:01 . 2010-02-01 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 06:01 . 2010-02-05 04:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 06:01 . 2010-02-01 06:01 -------- d-----w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com
2010-02-01 05:23 . 2010-02-01 05:23 -------- d--h--w- c:\windows\PIF
2010-01-26 08:26 . 2010-01-26 08:26 56 ---h--w- c:\windows\system32\ezsidmv.dat
2010-01-26 08:26 . 2010-01-31 00:30 -------- d-----w- c:\documents and settings\William Miller\Application Data\skypePM
2010-01-26 08:14 . 2010-01-31 04:07 -------- d-----w- c:\documents and settings\William Miller\Application Data\Skype
2010-01-26 08:10 . 2010-01-26 08:10 -------- d-----w- c:\program files\Common Files\Skype
2010-01-26 08:10 . 2010-01-26 08:11 -------- d-----r- c:\program files\Skype
2010-01-26 08:10 . 2010-01-26 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-26 03:38 . 2008-04-13 18:45 60032 ------w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-26 03:38 . 2008-04-13 18:45 60032 ------w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-23 06:43 . 2010-02-03 10:49 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-23 01:17 . 2010-01-23 01:17 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-23 01:09 . 2010-01-23 01:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-23 01:00 . 2010-01-23 01:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-23 00:43 . 2010-01-23 01:03 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-23 00:43 . 2010-01-23 00:43 -------- d-----w- c:\windows\system32\GroupPolicy
2010-01-23 00:40 . 2010-01-23 00:41 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-21 18:07 . 2003-03-29 23:45 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-01-21 18:07 . 2001-06-26 15:15 38912 ------w- c:\windows\system32\picn20.dll
2010-01-21 18:07 . 2001-07-07 01:24 283920 ------w- c:\windows\system32\ImagXpr5.dll
2010-01-21 18:07 . 2001-07-06 21:41 569344 ------w- c:\windows\system32\imagr5.dll
2010-01-21 18:07 . 2001-07-06 19:44 544768 ------w- c:\windows\system32\imagx5.dll
2010-01-21 18:07 . 2010-01-21 18:07 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-21 18:07 . 2001-07-09 18:50 155648 ------w- c:\windows\system32\NeroCheck.exe
2010-01-21 18:06 . 2010-01-21 18:07 -------- d-----w- c:\program files\Ahead
2010-01-21 02:51 . 2010-01-21 02:51 -------- d-----w- c:\program files\Smart Projects
2010-01-20 21:14 . 2010-01-20 23:42 -------- d-----w- C:\SP2
2010-01-20 21:12 . 2010-01-21 00:10 -------- d-----w- C:\XP
2010-01-19 19:02 . 2010-01-19 19:02 -------- d-----w- c:\documents and settings\William Miller\Application Data\Malwarebytes
2010-01-19 19:02 . 2010-01-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-19 19:02 . 2010-02-05 04:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:08 . 2010-01-19 15:08 -------- d-----w- c:\program files\Access Manager
2010-01-19 14:54 . 2010-01-19 14:54 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 00:31 . 2006-11-12 11:15 -------- d-----w- c:\program files\sortabid2000
2010-02-05 04:23 . 2008-12-20 21:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-05 04:05 . 2006-10-16 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-02-04 01:00 . 2006-11-12 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-03 17:32 . 2006-10-16 04:15 -------- d-----w- c:\program files\Common Files\Java
2010-02-03 17:31 . 2009-02-24 01:28 411368 ------w- c:\windows\system32\deploytk.dll
2010-02-03 17:31 . 2006-10-16 04:15 -------- d-----w- c:\program files\Java
2010-01-31 00:45 . 2009-03-01 17:19 -------- d-----w- c:\documents and settings\William Miller\Application Data\MailWasherPro
2010-01-29 05:39 . 2007-03-05 02:12 -------- d-----w- c:\program files\Google
2010-01-23 00:44 . 2009-02-23 04:34 -------- d-----w- c:\documents and settings\William Miller\Application Data\Windows Desktop Search
2010-01-23 00:42 . 2006-10-16 06:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-23 00:25 . 2009-02-23 04:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 00:55 . 2009-02-22 22:45 -------- d-----w- c:\program files\MSECache
2010-01-19 18:48 . 2006-10-16 06:06 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2005-05-10 08:17 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-03-16 04:00 343040 ------w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-03-16 04:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2005-01-19 12:26 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-28 16:33 . 2006-10-16 05:22 102464 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 16:32 . 2009-04-10 18:30 360584 ------w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 16:32 . 2009-04-10 18:30 333192 ------w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 16:32 . 2009-04-10 18:30 28424 ------w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 16:32 . 2009-04-10 18:30 12464 ------w- c:\windows\system32\avgrsstx.dll
2009-11-27 17:11 . 2006-03-16 04:00 17920 ------w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2005-08-30 12:13 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2006-03-16 04:00 8704 ------w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-03-16 04:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2006-03-16 04:00 84992 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-03-16 04:00 48128 ------w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2006-03-16 04:00 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-24 01:31 . 2009-11-24 01:31 152576 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 01:30 . 2009-11-24 01:30 79488 ------w- c:\documents and settings\William Miller\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2006-03-16 04:00 471552 ------w- c:\windows\AppPatch\aclayers.dll
2009-08-05 14:38 . 2006-12-07 23:17 67688 ------w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-05 14:38 . 2006-12-07 23:17 54368 ------w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-05 14:38 . 2006-12-07 23:17 34944 ------w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-05 14:38 . 2006-12-07 23:17 46712 ------w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-05 14:38 . 2006-12-07 23:17 172136 ------w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-11-01 11:38 . 2006-11-01 12:38 22 -csh--w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-04_00.28.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 07:14 . 2010-02-17 07:14 16384 c:\windows\temp\Perflib_Perfdata_33c.dat
- 2009-02-27 20:53 . 2009-12-13 21:26 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-02-27 20:53 . 2010-02-12 21:48 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-02-24 03:50 . 2009-02-24 13:48 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 69120 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 35328 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 30208 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\pptico.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 11264 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 28160 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 73216 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
- 2009-02-24 03:50 . 2009-02-24 13:48 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 22528 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\bindico.exe
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2006-03-16 04:00 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2006-03-16 04:00 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2010-01-27 00:58 . 2010-01-27 00:58 256280 c:\windows\system32\Macromed\Flash\FlashUtil10e.exe
+ 2009-11-11 23:24 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2009-01-08 02:20 . 2009-01-08 02:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-08 02:20 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-11-11 23:24 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
- 2009-02-24 03:50 . 2009-02-24 13:48 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2009-02-24 03:50 . 2010-02-05 04:16 104960 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\outicon.exe
+ 2006-11-12 09:53 . 2010-02-05 04:16 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
- 2006-11-12 09:53 . 2009-02-24 13:48 155136 c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\accicons.exe
+ 2009-11-11 23:24 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-06-03 19:09 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-24 13:20 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-27 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-21 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk.disabled [2006-11-11 818]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk.disabled [2010-1-22 1787]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2009 10:30 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2009 10:30 AM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/28/2009 8:32 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/28/2009 8:32 AM 285392]
.
Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:46]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:46]

2010-02-13 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????d????????@???????@

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2010-02-17 06:47:21
ComboFix-quarantined-files.txt 2010-02-17 14:47
ComboFix2.txt 2010-02-13 05:15
ComboFix3.txt 2010-02-05 04:43
ComboFix4.txt 2010-02-04 00:49
ComboFix5.txt 2010-02-17 08:01

Pre-Run: 30,772,600,832 bytes free
Post-Run: 30,735,704,064 bytes free

- - End Of File - - 9929350CD426A27BC0D8A2DA466C94A2






Here is the new complete RootRepeal text following the re-run of ComboFix.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/17 07:04
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\WILLIA~1.PC~\LOCALS~1\Temp\catchme.sys
Address: 0xF13B0000 Size: 31744 File Visible: No Signed: No
Status: -

Name: cdrpdacc.sys
Image Path: C:\Program Files\Quintessential Media Player\cdrpdacc.sys
Address: 0xF7A15000 Size: 4800 File Visible: - Signed: No
Status: -

Name: dump_nvata.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0xEDC2D000 Size: 102400 File Visible: No Signed: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF06A0000 Size: 8192 File Visible: No Signed: No
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\WILLIA~1.PC~\LOCALS~1\Temp\mbr.sys
Address: 0xF13D8000 Size: 20864 File Visible: No Signed: No
Status: -

Name: mqac.sys
Image Path: C:\WINDOWS\system32\drivers\mqac.sys
Address: 0xB9E3C000 Size: 91776 File Visible: - Signed: No
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xF79D7000 Size: 7872 File Visible: No Signed: No
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7717000 Size: 20000 File Visible: - Signed: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8BE1000 Size: 49152 File Visible: No Signed: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\pagefile.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

==EOF==

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-17 08:48:32
Windows 5.1.2600 Service Pack 3
Running: g,m,e,r.exe; Driver: C:\DOCUME~1\WILLIA~1.PC~\LOCALS~1\Temp\pwrorpow.sys


---- System - GMER 1.0.15 ----

INT 0x01 \??\C:\DOCUME~1\WILLIA~1.PC~\LOCALS~1\Temp\mbr.sys F13D92A4

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:55 AM, on 2/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\William Miller\Desktop\g,m,e,r.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\William Miller\Desktop\HijackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk.disabled (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Startup: Vongo Tray.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Windows Search.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1257975053430
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://totalinvestmentmanagement.webex.com...nbr/ieatgpc.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8323 bytes


bill49miller@gmail.com


#6 Buckeye_Sam

    Malware Expert
    Members, 17,382 posts
    Location: Pickerington, Ohio

Posted 17 February 2010 - 01:41 PM

I'm concerned about the steps that you've already taken. Avenger is not a tool to be used unless you are very familiar with what it does. And you are using it on legitimate files it appears. Let's take a step back before we proceed.

Please post the first log from Combofix that you ran. It should be located in the c:\qoobox folder. Look at the dates to make sure you post the first one that you ran.


After you have done that, please uninstall Combofix.
  • Click Start -> Run
  • Now type Combofix /uninstall in the runbox and click OK


====================



We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    cleanup.bat
    cleanup.exe
    zip.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


====================


Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
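The /md5start ... /md5stop block in the post asks OTL to hash a fixed set of boot-critical drivers (atapi.sys, iaStor.sys, nvstor.sys and the other disk-stack drivers) and logon/event-log DLLs so the helper can compare them with known-good copies. The script below is an added example and is not part of the original post or of OTL: it performs the same comparison locally, hashing each watched file and checking it against the copy Windows File Protection keeps in system32\dllcache on XP. The file names come from the post; the directory layout and the sample file contents built in demo() are constructed for illustration.

```python
"""Compare watched driver/DLL copies against the Windows File Protection cache."""
import hashlib
import os
import tempfile

# Names taken from the /md5start ... /md5stop list in the post: disk-stack
# drivers and logon/event-log DLLs that rootkits of that era patched in place.
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys",
           "eventlog.dll", "scecli.dll", "netlogon.dll"]


def md5_of(path, chunk=1 << 16):
    """Hex MD5 of a file, read in chunks so a large driver is not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_against_cache(live_dirs, cache_dir, names=WATCHED):
    """For each watched name, hash every live copy found in live_dirs and
    compare it with the copy in cache_dir (system32\\dllcache on XP).
    Returns {name: 'ok' | 'MISMATCH' | 'no-cache-copy' | 'absent'}."""
    verdicts = {}
    for name in names:
        live = [os.path.join(d, name) for d in live_dirs
                if os.path.isfile(os.path.join(d, name))]
        cached = os.path.join(cache_dir, name)
        if not live:
            verdicts[name] = "absent"          # not every machine ships every driver
        elif not os.path.isfile(cached):
            verdicts[name] = "no-cache-copy"   # nothing local to compare; hash by hand
        else:
            ref = md5_of(cached)
            verdicts[name] = "ok" if all(md5_of(p) == ref for p in live) else "MISMATCH"
    return verdicts


def demo():
    """Constructed sample tree (not a real system): three files present in both
    the live 'drivers' directory and the cache, with atapi.sys patched in place."""
    root = tempfile.mkdtemp()
    drivers = os.path.join(root, "drivers")
    cache = os.path.join(root, "dllcache")
    os.makedirs(drivers)
    os.makedirs(cache)
    for name in ("atapi.sys", "iaStor.sys", "eventlog.dll"):
        for d in (drivers, cache):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"MZ clean " + name.encode())
    with open(os.path.join(drivers, "atapi.sys"), "ab") as f:
        f.write(b"\x90\x90 patched")          # simulate an in-place driver patch
    return check_against_cache([drivers], cache)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

In the constructed sample atapi.sys comes back MISMATCH, iaStor.sys and eventlog.dll come back ok, and the names that were never created are reported absent. Run this kind of check from outside the suspect OS (the drive slaved to another machine, as the original poster's shop did, or a rescue CD): a rootkit that filters disk reads on the live system can hand a clean image of the driver to the hashing tool, which is also why the same post asks for an MBR check rather than relying on file hashes alone.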


========================================================

#7 bill49miller

    Topic Starter
    Members, 8 posts

Posted 19 February 2010 - 12:43 AM

Hello Sam,

My first attempt to post these logs you requested was rejected as too long. I will break up the replies into two posts. First the Combofix.

Here is the first (earliest) Combofix log (before running I renamed it Rambofix2 in order to preclude/mitigate possible interference):
FYI Combofix is now uninstalled.
FYI: also, every time I have run Combofix I have received the notice from StartupMonitor
"GrpConv has registered the executable grpconv -o to run at system startup. Do you wish to allow this change?", to which I have replied No.





ComboFix 10-01-31.03 - William Miller 02/04/2010 20:26:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.337 [GMT -8:00]
Running from: c:\documents and settings\William Miller\Desktop\RamboFix2.exeb
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Arj.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\ArjPack.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\avlib.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Avp1.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\AVP3Info.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\AvpMgr.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\avs.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\avspm.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Base64.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Base64P.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\btdisk.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\btimages.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\buffer.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\CAB.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\crpthlpr.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\deflate.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\dmap.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\dtreg.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Explode.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\farbuffer.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\faristream.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\FsDrvPlg.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\FSSync.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\HashCont.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\HashMD5.PPL
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\HCCMP.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\ichk2.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\iChkSA.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\ikave.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Inflate.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\IniFile.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\IWGen.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\kave.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\klavsrch.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\kosglue-7.0.26.0.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\L_llio.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\lha.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\lic60.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\LicMgr.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\MailMsg.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\mc.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\mdb.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\MDMAP.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\MemModSc.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\MemScan.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\minizip.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\MKavIO.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\msoe.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\msvcm80.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\msvcp80.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\msvcr80.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\ndetect.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\nfio.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\NTFSstrm.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\ods.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\params.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\passdmap.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\prKernel.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\prLoader.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\procmon.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\prremote.dll
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\prseqio.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\PrUpdate.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\PrUtil.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Quantum.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\rar.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\ScanningProcess.exe
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\schedule.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\sfdb.PPL
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\StdComp.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\StEnum2.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\stored.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\superio.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\TempFile.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\thpimpl.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Timer.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\tm.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\UnArj.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\UniArc.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\UnLZX.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\Unreduce.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\UNSHRINK.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\UnStored.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\WDiskIO.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\WinReg.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\binaries\xorio.ppl
c:\documents and settings\William Miller\Local Settings\Temp\jkos-William Miller\engine\bases\avcmhk5.mhk
c:\documents and settings\William Miller\Local Settings\Temp\SSUPDATE.EXE
c:\windows\system32\nvsvc32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NVSvc
-------\Service_NVSvc


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 04:14 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 04:14 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 01:19 . 2010-02-05 01:19 -------- d-----w- c:\documents and settings\William Miller\William Miller
2010-02-04 22:07 . 2010-02-05 04:10 -------- d-----w- c:\documents and settings\William Miller.PC201571947580
2010-02-04 22:05 . 2010-02-04 22:05 28051 ----a-w- C:\backup.reg
2010-02-03 17:00 . 2010-02-03 17:00 -------- d-----w- c:\documents and settings\William Miller\Application Data\Yahoo!
2010-02-03 17:00 . 2010-02-03 17:50 -------- d-----w- c:\program files\Yahoo!
2010-02-03 17:00 . 2010-02-03 17:00 -------- d-----w- c:\program files\CCleaner
2010-02-03 10:28 . 2010-02-03 10:30 -------- d-----w- C:\!aM anti-Malware
2010-02-01 06:01 . 2010-02-01 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-01 06:01 . 2010-02-05 04:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 06:01 . 2010-02-01 06:01 -------- d-----w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com
2010-02-01 05:23 . 2010-02-01 05:23 -------- d--h--w- c:\windows\PIF
2010-01-30 22:46 . 2010-01-30 22:50 -------- d-----w- c:\documents and settings\William Miller\Local Settings\Application Data\Temp
2010-01-26 08:26 . 2010-01-26 08:26 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-26 08:26 . 2010-01-31 00:30 -------- d-----w- c:\documents and settings\William Miller\Application Data\skypePM
2010-01-26 08:14 . 2010-01-31 04:07 -------- d-----w- c:\documents and settings\William Miller\Application Data\Skype
2010-01-26 08:10 . 2010-01-26 08:10 -------- d-----w- c:\program files\Common Files\Skype
2010-01-26 08:10 . 2010-01-26 08:11 -------- d-----r- c:\program files\Skype
2010-01-26 08:10 . 2010-01-26 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-26 03:38 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-26 03:38 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-23 06:43 . 2010-02-03 10:49 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-23 01:17 . 2010-01-23 01:17 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-23 01:09 . 2010-01-23 01:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-01-23 01:00 . 2010-01-23 01:00 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-23 00:44 . 2010-01-23 00:44 -------- d-----w- c:\documents and settings\William Miller\Local Settings\Application Data\Identities
2010-01-23 00:43 . 2010-01-23 01:03 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-23 00:43 . 2010-01-23 00:43 -------- d-----w- c:\windows\system32\GroupPolicy
2010-01-23 00:40 . 2010-01-23 00:41 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-21 18:07 . 2003-03-29 23:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-01-21 18:07 . 2001-06-26 15:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-01-21 18:07 . 2001-07-07 01:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-01-21 18:07 . 2001-07-06 21:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-01-21 18:07 . 2001-07-06 19:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-01-21 18:07 . 2010-01-21 18:07 -------- d-----w- c:\program files\Common Files\Ahead
2010-01-21 18:07 . 2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-01-21 18:06 . 2010-01-21 18:07 -------- d-----w- c:\program files\Ahead
2010-01-21 02:51 . 2010-01-21 02:51 -------- d-----w- c:\program files\Smart Projects
2010-01-20 21:14 . 2010-01-20 23:42 -------- d-----w- C:\SP2
2010-01-20 21:12 . 2010-01-21 00:10 -------- d-----w- C:\XP
2010-01-19 19:02 . 2010-01-19 19:02 -------- d-----w- c:\documents and settings\William Miller\Application Data\Malwarebytes
2010-01-19 19:02 . 2010-01-19 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-19 19:02 . 2010-02-05 04:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:08 . 2010-01-19 15:08 -------- d-----w- c:\program files\Access Manager
2010-01-19 14:54 . 2010-01-19 14:54 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-12 21:37 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 04:23 . 2008-12-20 21:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-05 04:05 . 2006-10-16 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-02-04 01:02 . 2010-02-03 18:00 117760 ----a-w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-04 01:00 . 2006-11-12 09:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-03 18:00 . 2010-02-03 18:00 52224 ----a-w- c:\documents and settings\William Miller\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-03 17:32 . 2010-02-03 17:32 61440 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-234ef6be-n\decora-sse.dll
2010-02-03 17:32 . 2010-02-03 17:32 503808 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\msvcp71.dll
2010-02-03 17:32 . 2010-02-03 17:32 499712 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\jmc.dll
2010-02-03 17:32 . 2010-02-03 17:32 348160 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-22788f15-n\msvcr71.dll
2010-02-03 17:32 . 2010-02-03 17:32 12800 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-234ef6be-n\decora-d3d.dll
2010-02-03 17:32 . 2006-10-16 04:15 -------- d-----w- c:\program files\Common Files\Java
2010-02-03 17:31 . 2009-02-24 01:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-03 17:31 . 2006-10-16 04:15 -------- d-----w- c:\program files\Java
2010-01-31 00:45 . 2009-03-01 17:19 -------- d-----w- c:\documents and settings\William Miller\Application Data\MailWasherPro
2010-01-29 05:39 . 2007-03-05 02:12 -------- d-----w- c:\program files\Google
2010-01-23 00:44 . 2009-02-23 04:34 -------- d-----w- c:\documents and settings\William Miller\Application Data\Windows Desktop Search
2010-01-23 00:42 . 2006-10-16 06:19 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-23 00:25 . 2009-02-23 04:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 00:55 . 2009-02-22 22:45 -------- d-----w- c:\program files\MSECache
2010-01-19 18:48 . 2006-10-16 06:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-13 03:51 . 2006-11-12 11:15 -------- d-----w- c:\program files\sortabid2000
2009-12-21 19:14 . 2006-03-16 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-11-28 16:33 . 2006-10-16 05:22 102464 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-28 16:32 . 2009-04-10 18:30 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 16:32 . 2009-04-10 18:30 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 16:32 . 2009-04-10 18:30 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 16:32 . 2009-04-10 18:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-24 01:31 . 2009-11-24 01:31 152576 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 01:30 . 2009-11-24 01:30 79488 ----a-w- c:\documents and settings\William Miller\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-21 15:51 . 2006-03-16 04:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-11 22:30 . 2006-06-29 18:43 92819 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-05 14:38 . 2006-12-07 23:17 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-05 14:38 . 2006-12-07 23:17 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-05 14:38 . 2006-12-07 23:17 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-05 14:38 . 2006-12-07 23:17 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-05 14:38 . 2006-12-07 23:17 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2006-11-01 11:38 . 2006-11-01 12:38 22 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-12 102400]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-27 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-21 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Pavilion Webcam Tray Icon.lnk.disabled [2006-11-11 818]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk.disabled [2010-1-22 1787]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mECydtaIQ.exe" /runcleanupscript

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/10/2009 10:30 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/10/2009 10:30 AM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/28/2009 8:32 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/28/2009 8:32 AM 285392]
.
Contents of the 'Scheduled Tasks' folder

2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:46]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 22:46]

2010-01-10 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mWindow Title =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-04 20:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????d????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\StartupMonitor.exe
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-02-04 20:43:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-05 04:43
ComboFix2.txt 2010-02-04 00:49
ComboFix3.txt 2010-02-04 00:30

Pre-Run: 26,702,553,088 bytes free
Post-Run: 26,595,770,368 bytes free

- - End Of File - - 92310C5583A269B82E35F9430CDC6496


This is the end of the first Combofix log. Another post following will contain the mbr and oldtimer logs.

Thanks for your help. I need help.

Bill
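A small triage helper for OTL/HijackThis-style log lines like the ones posted in this thread. This is an added example, not code from OTL, ComboFix, Malwarebytes or anyone in the thread, and it makes no verdict about malware: it only pulls out the lines a log reader checks first (entries whose target no longer exists, files with no company name in their version info, and executables sitting in odd places such as the drive root, where the c:\cleanup.exe from the thread title lived). All function names are my own; the sample lines are copied from the OTL report posted in this thread except the last one, which is constructed to exercise the drive-root rule.

```python
"""
Triage helper for OTL / HijackThis-style log lines.

Added example for this thread, not part of OTL, ComboFix or any poster's code.
It does not decide what is malware; it only pulls out the lines a log reader
looks at first: entries whose target no longer exists, executables with no
company name in their version info, and executables in unusual locations.
"""
import re

# OTL prints these when a registry entry points at something that is missing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# PRC/SRV/DRV/MOD lines: "[date | size | ---- | M] (Vendor) -- path"
_STAMP_VENDOR = re.compile(r"\| M\]\s*\(([^()]*)\)")
# O2/O4 lines: "... path (Vendor)" at the end of the line
_TRAILING_VENDOR = re.compile(r"\(([^()]*)\)\s*$")
# A Windows path ending in an executable extension; stops at '=', '[', ']' or '|'
_EXE_PATH = re.compile(
    r"([A-Za-z]:\\[^=\[\]|]*?\.(?:exe|dll|sys|bat|com|scr))(?=\s|$)", re.IGNORECASE
)

# Line prefixes that describe something Windows will load or run.
LOAD_POINTS = ("O2 ", "O3 ", "O4 ", "PRC ", "SRV ", "DRV ", "MOD ")


def vendor_of(line):
    """Company name OTL recorded for the file, '' if the PE has none, None if absent."""
    m = _STAMP_VENDOR.search(line) or _TRAILING_VENDOR.search(line)
    return m.group(1).strip() if m else None


def exe_path_of(line):
    """First executable path on the line, or None."""
    m = _EXE_PATH.search(line)
    return m.group(1) if m else None


def odd_location(path):
    """Reason string if the path is somewhere a legitimate autorun rarely lives, else None."""
    low = path.lower()
    if low.count("\\") == 1:  # e.g. C:\cleanup.exe, straight off the drive root
        return "executable in drive root"
    if "\\local settings\\temp\\" in low or "\\windows\\temp\\" in low:
        return "executable in a Temp directory"
    return None


def triage_line(line):
    """Return (severity, reason) for one log line, or None when nothing stands out."""
    s = line.strip()
    if not s.startswith(LOAD_POINTS):
        return None
    for marker in ORPHAN_MARKERS:
        if marker in s:
            # Dead entry: often an uninstall leftover, sometimes a removed payload
            return ("orphan", marker)
    path = exe_path_of(s)
    if path:
        where = odd_location(path)
        if where:
            return ("location", where)
    if vendor_of(s) == "":
        return ("unsigned", "no company name in version info")
    return None


def triage(lines):
    """Run triage_line over a log; return [(severity, reason, line), ...] in log order."""
    out = []
    for line in lines:
        hit = triage_line(line)
        if hit:
            out.append((hit[0], hit[1], line.strip()))
    return out


# Sample input in OTL format. The first six lines are copied from the OTL report
# in this thread; the last is constructed, modelled on the c:\cleanup.exe named
# in the thread title, to exercise the drive-root rule.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
O4 - HKLM..\Run: [cleanup] C:\cleanup.exe ()
""".strip().splitlines()

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:9}] {reason}: {line}")
```

Run it against a saved OTL.txt by replacing SAMPLE_LOG with open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines(). An empty vendor field is only a prompt to look closer: the Cpqset and StartupMonitor hits above are old HP and third-party utilities shipped without version resources, which is exactly why a human still reads the flagged lines.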

#8 bill49miller
  • Topic Starter

Posted 19 February 2010 - 12:49 AM

Hello Sam,

My first attempt to post these logs you requested was rejected as too long. I have broken up the replies into two posts.
I first sent the first Combofix log. The mbr and oldtimer logs follow.

Here is the oldtimer report. It stopped scanning without apparently completing the first scan, so I clicked Scan again.
It came up as three separate text files:

OTL logfile created on: 2/18/2010 8:24:56 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = C:\Documents and Settings\William Miller\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 492.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.37 Gb Total Space | 28.38 Gb Free Space | 35.31% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.20 Gb Free Space | 10.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC201571947580
Current User Name: William Miller
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 20:16:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
PRC - [2010/02/03 09:31:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/22 03:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 03:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/11 20:55:34 | 000,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2006/06/16 21:22:46 | 000,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/05/18 15:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/03 21:58:26 | 000,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 20:16:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
MOD - [2008/04/13 16:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2010/02/03 09:31:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/22 03:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 03:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/06/12 12:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 15:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 08:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2010/02/18 17:24:33 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/22 03:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/25 12:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)
DRV - [2006/08/29 06:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 06:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 06:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/24 10:40:00 | 003,661,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/06 10:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/19 06:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/16 20:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/04/28 09:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/18 03:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/15 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/03/06 06:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 07:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 07:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/22 16:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 17:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 13:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/06/20 16:05:58 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\S-1-5-21-332905825-2553223042-2058812434-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/03 09:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 19:07:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:07:19 | 000,000,000 | ---D | M]

[2010/02/18 19:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla\Extensions
[2010/02/18 19:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/04 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla\Firefox\Profiles\2qtygqfx.default\extensions
[2010/02/18 19:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/18 19:07:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/16 10:40:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/01 22:08:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/03 18:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/06 21:23:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/07 12:45:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/30 15:59:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/22 11:11:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/02/03 09:31:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/02/18 19:06:50 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/18 19:06:50 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/02/03 09:31:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/02/18 19:07:05 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/02/27 09:19:33 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/02/27 09:19:43 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/02/27 09:19:32 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/07/17 19:21:00 | 003,883,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010/02/18 19:07:09 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/18 19:07:09 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/18 19:07:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/18 19:07:10 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/18 19:07:10 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/02/18 19:07:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/18 19:07:10 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/02/04 20:35:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1257975053430 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://totalinvestmentmanagement.webex.com...nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 20:16:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
[2010/02/18 19:56:40 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/17 21:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Adobe
[2010/02/17 11:14:43 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/17 11:14:43 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/17 11:14:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/17 11:14:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/17 11:14:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/17 11:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/17 11:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/17 10:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/17 10:25:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/17 10:25:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/17 10:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/16 23:47:36 | 000,000,000 | ---D | C] -- C:\omboFix
[2010/02/16 22:47:51 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\William Miller\Desktop\RootRepeal.exe
[2010/02/16 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\RootRepeal
[2010/02/16 22:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\verify clean logs
[2010/02/13 14:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/12 18:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\gmer
[2010/02/12 18:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\WinRAR
[2010/02/12 17:44:35 | 001,394,000 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\William Miller\Desktop\z,zt,oy1.exe
[2010/02/05 01:32:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Recent
[2010/02/04 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\SUPERAntiSpyware.com
[2010/02/04 20:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Malwarebytes
[2010/02/04 20:14:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 20:14:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 20:10:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Miller.PC201571947580\PrivacIE
[2010/02/04 17:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Adobe
[2010/02/04 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Mozilla
[2010/02/04 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla
[2010/02/04 17:26:39 | 004,020,604 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\William Miller\Desktop\mb2.exe
[2010/02/04 17:21:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William Miller\Desktop\My Music
[2010/02/04 17:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\Left on Desk
[2010/02/04 17:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\fixinsMB
[2010/02/04 17:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\Computer Maintenance
[2010/02/04 17:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\backups
[2010/02/04 14:09:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Miller.PC201571947580\IETldCache
[2010/02/04 14:09:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Miller.PC201571947580\Cookies
[2010/02/04 14:08:09 | 000,051,192 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/04 14:08:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\fusioncache.dat
[2010/02/04 14:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\DSwitch.txt
[2010/02/04 14:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\AtStart.txt
[2010/02/04 14:08:08 | 004,845,924 | -H-- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\IconCache.db
[2010/02/04 14:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\QSwitch.txt
[2010/02/04 14:07:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Microsoft
[2010/02/04 14:07:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data
[2010/02/04 14:07:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Start Menu
[2010/02/04 14:07:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Templates
[2010/02/04 14:07:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Wildtangent
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Microsoft
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Macromedia
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\IsolatedStorage
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Intuit
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Identities
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\HP
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Google
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\BVRP Software
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\ApplicationHistory
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Apple Computer
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/02/04 12:29:19 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\William Miller\Desktop\Fix-V-u-n-do.exe
[2010/02/03 16:40:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/03 16:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/03 14:40:09 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\William Miller\Desktop\HijackThis(2).exe
[2010/02/03 09:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/03 09:31:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/03 09:31:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/03 09:31:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/03 09:31:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/03 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/03 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/03 02:28:53 | 000,000,000 | ---D | C] -- C:\!aM anti-Malware
[2010/01/31 22:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/31 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/31 21:23:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/30 15:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\My Documents\Downloads
[2010/01/26 00:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/26 00:10:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/01/26 00:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/01/25 19:38:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/25 19:38:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/01/22 22:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/22 17:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/22 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/22 16:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/01/22 16:43:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/22 16:42:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/22 16:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/01/21 10:07:22 | 000,089,184 | ---- | C] (Ahead Software AG and its licensors) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2010/01/21 10:07:22 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\ImageDrive.cpl
[2010/01/21 10:07:04 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/01/21 10:07:03 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2010/01/21 10:07:03 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2010/01/21 10:07:03 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2010/01/21 10:07:01 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/01/21 10:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/01/21 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/01/21 09:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/01/20 18:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2010/01/20 13:14:57 | 000,000,000 | ---D | C] -- C:\SP2
[2010/01/20 13:12:00 | 000,000,000 | ---D | C] -- C:\XP
[2008/04/29 23:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\tor
[2008/04/29 12:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\tor
[2008/02/15 20:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/10/29 09:42:41 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/29 10:49:18 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 03:00:22 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/24 07:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 20:23:32 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/02/18 20:22:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\mbr.exe
[2010/02/18 20:16:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
[2010/02/18 19:58:20 | 000,001,395 | ---- | M] () -- C:\hpqp.ini
[2010/02/18 19:57:08 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/18 19:57:08 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/18 19:57:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 19:57:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 19:56:59 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () -- C:\cleanup.exe
[2010/02/18 19:54:15 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\William Miller.PC201571947580\NTUSER.DAT
[2010/02/18 19:54:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\William Miller.PC201571947580\ntuser.ini
[2010/02/18 19:51:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
[2010/02/18 17:57:12 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\William Miller\My Documents\First Day of Lent.doc
[2010/02/18 17:24:33 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/17 11:14:54 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/17 11:05:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/17 10:21:25 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\avira_antivir_personal_en.exe
[2010/02/17 06:45:15 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\settings.dat
[2010/02/14 20:24:45 | 000,000,636 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/02/13 14:51:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
[2010/02/12 18:32:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to My Computer.lnk
[2010/02/12 18:27:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\gmer.zip
[2010/02/12 18:16:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\William Miller.PC201571947580\defogger_reenable
[2010/02/12 18:15:07 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Defogger.exe
[2010/02/12 18:11:06 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2010/02/12 09:40:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/12 08:21:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/04 23:56:36 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\explorMB.lnk
[2010/02/04 20:35:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/04 17:26:03 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to Desktop.lnk
[2010/02/04 14:10:03 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Windows Media Player.lnk
[2010/02/04 14:05:29 | 000,028,051 | ---- | M] () -- C:\backup.reg
[2010/02/04 12:29:19 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\William Miller\Desktop\Fix-V-u-n-do.exe
[2010/02/03 16:40:54 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2010/02/03 14:40:07 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\William Miller\Desktop\HijackThis(2).exe
[2010/02/03 11:41:44 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer (2).lnk
[2010/02/03 09:38:22 | 000,000,905 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/03 09:31:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/03 09:31:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/03 09:31:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/03 09:31:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/03 09:31:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/03 02:25:07 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\avenger.exe
[2010/01/31 21:08:55 | 004,020,604 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\William Miller\Desktop\mb2.exe
[2010/01/31 21:00:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\mb1.exe
[2010/01/31 20:56:34 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\SUPERAntiSpyware.exe
[2010/01/30 16:29:52 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/30 14:52:00 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Google Chrome.lnk
[2010/01/26 08:28:23 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer.lnk
[2010/01/26 00:26:29 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/22 16:44:08 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
[2010/01/22 16:44:05 | 000,477,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 16:44:05 | 000,413,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 16:44:05 | 000,063,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 16:42:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/22 16:42:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/22 16:40:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/22 07:12:25 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\!aM-r-k-i-l-l.com
[2010/01/21 10:08:58 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/20 18:51:50 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\IsoBuster.lnk
[2010/01/20 06:34:29 | 000,373,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100130-143634.backup
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 20:23:31 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/02/18 20:22:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\mbr.exe
[2010/02/18 17:57:08 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\First Day of Lent.doc
[2010/02/17 11:14:54 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/17 11:10:13 | 000,000,000 | ---- | C] () -- C:\cleanup.exe
[2010/02/17 10:20:44 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\avira_antivir_personal_en.exe
[2010/02/16 23:41:01 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\avenger.exe
[2010/02/16 22:53:41 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\settings.dat
[2010/02/12 18:32:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to My Computer.lnk
[2010/02/12 18:29:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\g,m,e,r.exe
[2010/02/12 18:27:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\gmer.zip
[2010/02/12 18:16:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\defogger_reenable
[2010/02/12 18:15:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Defogger.exe
[2010/02/12 09:36:38 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/04 23:47:01 | 1005,170,688 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/04 23:39:19 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\explorMB.lnk
[2010/02/04 17:54:28 | 000,000,039 | ---- | C] () -- C:\XP_TV.ini
[2010/02/04 17:26:40 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\SUPERAntiSpyware.exe
[2010/02/04 17:26:40 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Quicken 2004.lnk
[2010/02/04 17:26:40 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Sortabid 2000.lnk
[2010/02/04 17:26:40 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer.lnk
[2010/02/04 17:26:40 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer (3).lnk
[2010/02/04 17:26:40 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer (2).lnk
[2010/02/04 17:26:40 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Screen Shot Deluxe 3.0.lnk
[2010/02/04 17:26:40 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Spybot - Search & Destroy.lnk
[2010/02/04 17:26:40 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Revo Uninstaller.lnk
[2010/02/04 17:26:40 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\NetworkActiv PIAFCTM 2.2.lnk
[2010/02/04 17:26:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Romanian-English Dictionary.lnk
[2010/02/04 17:26:40 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\WebTime.lnk
[2010/02/04 17:26:40 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Web Activity Monitor.lnk
[2010/02/04 17:26:40 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to e-Sword.old.lnk
[2010/02/04 17:26:39 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Kristen's Menu.doc
[2010/02/04 17:26:39 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\MailWasher Free.lnk
[2010/02/04 17:26:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\mb1.exe
[2010/02/04 17:26:03 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to Desktop.lnk
[2010/02/04 14:10:03 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Media Player.lnk
[2010/02/04 14:08:11 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Help and Support.lnk
[2010/02/04 14:07:54 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk.disabled
[2010/02/04 14:07:54 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk
[2010/02/04 14:07:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\ntuser.ini
[2010/02/04 14:07:53 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\NTUSER.DAT
[2010/02/04 14:05:29 | 000,028,051 | ---- | C] () -- C:\backup.reg
[2010/02/03 16:40:49 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/30 14:52:00 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Google Chrome.lnk
[2010/01/30 14:46:28 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
[2010/01/30 14:46:28 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
[2010/01/26 00:26:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/26 00:11:00 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/22 16:44:08 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
[2010/01/22 16:40:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/22 07:12:22 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\!aM-r-k-i-l-l.com
[2010/01/21 10:08:58 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/20 18:51:50 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\IsoBuster.lnk
[2010/01/08 18:04:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/05/18 19:03:07 | 000,000,837 | ---- | C] () -- C:\WINDOWS\sshot.ini
[2009/02/23 20:35:07 | 000,000,127 | ---- | C] () -- C:\WINDOWS\PTMAIL.INI
[2009/02/23 20:35:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\Parsons.ini
[2009/02/23 13:30:53 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2009/02/23 12:00:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/03/14 07:26:19 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/05 04:45:44 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/12 03:44:46 | 000,001,044 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/11/12 03:44:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/10/15 22:20:13 | 000,000,636 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/15 22:17:01 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/15 21:56:09 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/15 21:36:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/15 20:16:22 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/15 20:16:11 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/15 20:16:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/15 20:16:10 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/15 20:16:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/15 20:16:09 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/30 21:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/05 11:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 11:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 10:46:56 | 000,004,463 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 10:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/03 23:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 10:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 12:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 00:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () -- C:\cleanup.exe
[2010/02/18 20:23:32 | 000,077,312 | ---- | M] () -- C:\mbr.exe


< MD5 for: AGP440.SYS >
[2006/03/15 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\SP2\i386\sp2.cab:AGP440.sys
[2006/03/15 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/15 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\SP2\i386\sp2.cab:atapi.sys
[2006/03/15 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: CLEANUP.EXE >
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\cleanup.exe
[2010/02/17 11:10:13 | 000,019,286 | ---- | M] () MD5=D5816BDDD4382975C1693CCE68547FCC -- C:\Avenger\cleanup.exe

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2006/03/15 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2006/03/15 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL logfile created on: 2/18/2010 8:24:56 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = C:\Documents and Settings\William Miller\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 492.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.37 Gb Total Space | 28.38 Gb Free Space | 35.31% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.20 Gb Free Space | 10.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC201571947580
Current User Name: William Miller
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/18 20:16:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
PRC - [2010/02/03 09:31:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/22 03:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqtgsvc.exe
PRC - [2009/06/22 03:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mqsvc.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/11 20:55:34 | 000,102,400 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2006/06/16 21:22:46 | 000,794,713 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/05/18 15:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/05/03 21:58:26 | 000,458,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PRC - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PRC - [2000/05/20 17:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe


========== Modules (SafeList) ==========

MOD - [2010/02/18 20:16:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
MOD - [2008/04/13 16:11:56 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (getPlus® Helper) getPlus®
SRV - [2010/02/03 09:31:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/22 03:49:23 | 000,117,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqtgsvc.exe -- (MSMQTriggers)
SRV - [2009/06/22 03:49:04 | 000,004,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mqsvc.exe -- (MSMQ)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/06/12 12:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2006/05/18 15:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/05/02 14:41:28 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 08:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Driver Services (SafeList) ==========

DRV - [2010/02/18 17:24:33 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/22 03:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/08 06:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/01/25 12:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)
DRV - [2006/08/29 06:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 06:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 06:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/08/24 10:40:00 | 003,661,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/06 10:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/19 06:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/06/18 22:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/16 20:40:56 | 000,193,120 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/04/28 09:12:00 | 000,429,184 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/04/18 03:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/15 20:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/03/06 06:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 07:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 07:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/12/22 16:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 17:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/09/19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 13:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/06/20 16:05:58 | 000,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 21:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 20:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 20:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 20:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 20:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 20:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 20:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 20:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 20:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 20:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 20:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\S-1-5-21-332905825-2553223042-2058812434-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/02/03 09:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 19:07:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 19:07:19 | 000,000,000 | ---D | M]

[2010/02/18 19:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla\Extensions
[2010/02/18 19:07:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/02/04 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla\Firefox\Profiles\2qtygqfx.default\extensions
[2010/02/18 19:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/18 19:07:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/16 10:40:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/01 22:08:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/03 18:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/06 21:23:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/07 12:45:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/30 15:59:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/22 11:11:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/02/03 09:31:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/02/18 19:06:50 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/02/18 19:06:50 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/02/03 09:31:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/02/18 19:07:05 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/02/27 09:19:33 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/06/14 19:30:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/02/27 09:19:43 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2008/02/27 09:19:32 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/07/17 19:21:00 | 003,883,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010/02/18 19:07:09 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/02/18 19:07:09 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/02/18 19:07:10 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/02/18 19:07:10 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/02/18 19:07:10 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/02/18 19:07:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/02/18 19:07:10 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/02/04 20:35:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Pavilion Webcam Tray Icon.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Vongo Tray.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe File not found
O4 - Startup: C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-332905825-2553223042-2058812434-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1257975053430 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://totalinvestmentmanagement.webex.com...nbr/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/18 20:16:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
[2010/02/18 19:56:40 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/02/17 21:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Adobe
[2010/02/17 11:14:43 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/17 11:14:43 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/17 11:14:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/02/17 11:14:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/02/17 11:14:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/02/17 11:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/02/17 11:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/02/17 10:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/17 10:25:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/17 10:25:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/17 10:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/16 23:47:36 | 000,000,000 | ---D | C] -- C:\omboFix
[2010/02/16 22:47:51 | 000,472,064 | ---- | C] ( ) -- C:\Documents and Settings\William Miller\Desktop\RootRepeal.exe
[2010/02/16 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\RootRepeal
[2010/02/16 22:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\verify clean logs
[2010/02/13 14:43:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/12 18:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\gmer
[2010/02/12 18:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\WinRAR
[2010/02/12 17:44:35 | 001,394,000 | ---- | C] (Malwarebytes Corporation) -- C:\Documents and Settings\William Miller\Desktop\z,zt,oy1.exe
[2010/02/05 01:32:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Recent
[2010/02/04 20:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\SUPERAntiSpyware.com
[2010/02/04 20:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Malwarebytes
[2010/02/04 20:14:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/04 20:14:21 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/04 20:10:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Miller.PC201571947580\PrivacIE
[2010/02/04 17:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Adobe
[2010/02/04 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Mozilla
[2010/02/04 17:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Mozilla
[2010/02/04 17:26:39 | 004,020,604 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\William Miller\Desktop\mb2.exe
[2010/02/04 17:21:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William Miller\Desktop\My Music
[2010/02/04 17:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\Left on Desk
[2010/02/04 17:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\fixinsMB
[2010/02/04 17:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\Computer Maintenance
[2010/02/04 17:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\backups
[2010/02/04 14:09:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Miller.PC201571947580\IETldCache
[2010/02/04 14:09:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\William Miller.PC201571947580\Cookies
[2010/02/04 14:08:09 | 000,051,192 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/04 14:08:09 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\fusioncache.dat
[2010/02/04 14:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\DSwitch.txt
[2010/02/04 14:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\AtStart.txt
[2010/02/04 14:08:08 | 004,845,924 | -H-- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\IconCache.db
[2010/02/04 14:08:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\QSwitch.txt
[2010/02/04 14:07:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Microsoft
[2010/02/04 14:07:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data
[2010/02/04 14:07:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Start Menu
[2010/02/04 14:07:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Templates
[2010/02/04 14:07:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Wildtangent
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Microsoft
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Macromedia
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\IsolatedStorage
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Intuit
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Application Data\Identities
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\HP
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Google
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\BVRP Software
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\ApplicationHistory
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\Apple Computer
[2010/02/04 14:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2010/02/04 12:29:19 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\William Miller\Desktop\Fix-V-u-n-do.exe
[2010/02/03 16:40:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/03 16:30:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/03 14:40:09 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\William Miller\Desktop\HijackThis(2).exe
[2010/02/03 09:32:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/03 09:31:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/03 09:31:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/03 09:31:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/03 09:31:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/03 09:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/03 09:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/03 02:28:53 | 000,000,000 | ---D | C] -- C:\!aM anti-Malware
[2010/01/31 22:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/31 22:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/31 21:23:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/30 15:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\My Documents\Downloads
[2010/01/26 00:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/26 00:10:54 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/01/26 00:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/01/25 19:38:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/25 19:38:55 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/01/22 22:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/01/22 17:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/01/22 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/22 16:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/01/22 16:43:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/01/22 16:42:59 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/22 16:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/01/21 10:07:22 | 000,089,184 | ---- | C] (Ahead Software AG and its licensors) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2010/01/21 10:07:22 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\ImageDrive.cpl
[2010/01/21 10:07:04 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/01/21 10:07:03 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2010/01/21 10:07:03 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2010/01/21 10:07:03 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2010/01/21 10:07:01 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/01/21 10:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/01/21 10:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/01/21 09:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/01/20 18:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Projects
[2010/01/20 13:14:57 | 000,000,000 | ---D | C] -- C:\SP2
[2010/01/20 13:12:00 | 000,000,000 | ---D | C] -- C:\XP
[2008/04/29 23:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\tor
[2008/04/29 12:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\tor
[2008/02/15 20:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/10/29 09:42:41 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnp2uvc.dll
[2006/06/29 14:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/29 10:49:18 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 03:00:22 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 15:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/09/24 07:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/18 20:23:32 | 000,077,312 | ---- | M] () -- C:\mbr.exe
[2010/02/18 20:22:10 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\mbr.exe
[2010/02/18 20:16:56 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTL.exe
[2010/02/18 19:58:20 | 000,001,395 | ---- | M] () -- C:\hpqp.ini
[2010/02/18 19:57:08 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/18 19:57:08 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2010/02/18 19:57:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/18 19:57:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/18 19:56:59 | 1005,170,688 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () -- C:\cleanup.exe
[2010/02/18 19:54:15 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\William Miller.PC201571947580\NTUSER.DAT
[2010/02/18 19:54:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\William Miller.PC201571947580\ntuser.ini
[2010/02/18 19:51:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
[2010/02/18 17:57:12 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\William Miller\My Documents\First Day of Lent.doc
[2010/02/18 17:24:33 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/17 11:14:54 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/17 11:05:34 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/17 10:21:25 | 030,909,992 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\avira_antivir_personal_en.exe
[2010/02/17 06:45:15 | 000,000,015 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\settings.dat
[2010/02/14 20:24:45 | 000,000,636 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/02/13 14:51:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
[2010/02/12 18:32:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to My Computer.lnk
[2010/02/12 18:27:30 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\gmer.zip
[2010/02/12 18:16:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\William Miller.PC201571947580\defogger_reenable
[2010/02/12 18:15:07 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Defogger.exe
[2010/02/12 18:11:06 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2010/02/12 09:40:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/12 08:21:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/04 23:56:36 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\explorMB.lnk
[2010/02/04 20:35:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/04 17:26:03 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to Desktop.lnk
[2010/02/04 14:10:03 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Windows Media Player.lnk
[2010/02/04 14:05:29 | 000,028,051 | ---- | M] () -- C:\backup.reg
[2010/02/04 12:29:19 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\William Miller\Desktop\Fix-V-u-n-do.exe
[2010/02/03 16:40:54 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2010/02/03 14:40:07 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\William Miller\Desktop\HijackThis(2).exe
[2010/02/03 11:41:44 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer (2).lnk
[2010/02/03 09:38:22 | 000,000,905 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/03 09:31:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/02/03 09:31:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/03 09:31:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/03 09:31:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/03 09:31:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/02/03 02:25:07 | 000,731,136 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\avenger.exe
[2010/01/31 21:08:55 | 004,020,604 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\William Miller\Desktop\mb2.exe
[2010/01/31 21:00:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\mb1.exe
[2010/01/31 20:56:34 | 007,520,288 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\SUPERAntiSpyware.exe
[2010/01/30 16:29:52 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/30 14:52:00 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Google Chrome.lnk
[2010/01/26 08:28:23 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer.lnk
[2010/01/26 00:26:29 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/22 16:44:08 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
[2010/01/22 16:44:05 | 000,477,076 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 16:44:05 | 000,413,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 16:44:05 | 000,063,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 16:42:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/22 16:42:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/22 16:40:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/22 07:12:25 | 000,263,168 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\!aM-r-k-i-l-l.com
[2010/01/21 10:08:58 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/20 18:51:50 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\IsoBuster.lnk
[2010/01/20 06:34:29 | 000,373,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100130-143634.backup
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/18 20:23:31 | 000,077,312 | ---- | C] () -- C:\mbr.exe
[2010/02/18 20:22:09 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\mbr.exe
[2010/02/18 17:57:08 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\First Day of Lent.doc
[2010/02/17 11:14:54 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/02/17 11:10:13 | 000,000,000 | ---- | C] () -- C:\cleanup.exe
[2010/02/17 10:20:44 | 030,909,992 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\avira_antivir_personal_en.exe
[2010/02/16 23:41:01 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\avenger.exe
[2010/02/16 22:53:41 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\settings.dat
[2010/02/12 18:32:49 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to My Computer.lnk
[2010/02/12 18:29:09 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\g,m,e,r.exe
[2010/02/12 18:27:44 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\gmer.zip
[2010/02/12 18:16:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\defogger_reenable
[2010/02/12 18:15:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Defogger.exe
[2010/02/12 09:36:38 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/04 23:47:01 | 1005,170,688 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/04 23:39:19 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\explorMB.lnk
[2010/02/04 17:54:28 | 000,000,039 | ---- | C] () -- C:\XP_TV.ini
[2010/02/04 17:26:40 | 007,520,288 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\SUPERAntiSpyware.exe
[2010/02/04 17:26:40 | 000,002,131 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Quicken 2004.lnk
[2010/02/04 17:26:40 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Sortabid 2000.lnk
[2010/02/04 17:26:40 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer.lnk
[2010/02/04 17:26:40 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer (3).lnk
[2010/02/04 17:26:40 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Explorer (2).lnk
[2010/02/04 17:26:40 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Screen Shot Deluxe 3.0.lnk
[2010/02/04 17:26:40 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Spybot - Search & Destroy.lnk
[2010/02/04 17:26:40 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Revo Uninstaller.lnk
[2010/02/04 17:26:40 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\NetworkActiv PIAFCTM 2.2.lnk
[2010/02/04 17:26:40 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Romanian-English Dictionary.lnk
[2010/02/04 17:26:40 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\WebTime.lnk
[2010/02/04 17:26:40 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Web Activity Monitor.lnk
[2010/02/04 17:26:40 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to e-Sword.old.lnk
[2010/02/04 17:26:39 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Kristen's Menu.doc
[2010/02/04 17:26:39 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\MailWasher Free.lnk
[2010/02/04 17:26:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\mb1.exe
[2010/02/04 17:26:03 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Shortcut to Desktop.lnk
[2010/02/04 14:10:03 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Windows Media Player.lnk
[2010/02/04 14:08:11 | 000,000,992 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Help and Support.lnk
[2010/02/04 14:07:54 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk.disabled
[2010/02/04 14:07:54 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\William Miller\Start Menu\Programs\Startup\Vongo Tray.lnk
[2010/02/04 14:07:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\ntuser.ini
[2010/02/04 14:07:53 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\William Miller.PC201571947580\NTUSER.DAT
[2010/02/04 14:05:29 | 000,028,051 | ---- | C] () -- C:\backup.reg
[2010/02/03 16:40:49 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/01/30 14:52:00 | 000,002,351 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Google Chrome.lnk
[2010/01/30 14:46:28 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005UA.job
[2010/01/30 14:46:28 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-332905825-2553223042-2058812434-1005Core.job
[2010/01/26 00:26:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/26 00:11:00 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/22 16:44:08 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
[2010/01/22 16:40:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/01/22 07:12:22 | 000,263,168 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\!aM-r-k-i-l-l.com
[2010/01/21 10:08:58 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/01/20 18:51:50 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\IsoBuster.lnk
[2010/01/08 18:04:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/05/18 19:03:07 | 000,000,837 | ---- | C] () -- C:\WINDOWS\sshot.ini
[2009/02/23 20:35:07 | 000,000,127 | ---- | C] () -- C:\WINDOWS\PTMAIL.INI
[2009/02/23 20:35:07 | 000,000,069 | ---- | C] () -- C:\WINDOWS\Parsons.ini
[2009/02/23 13:30:53 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2009/02/23 12:00:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2008/03/14 07:26:19 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/05 04:45:44 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/11/12 03:44:46 | 000,001,044 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2006/11/12 03:44:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/10/15 22:20:13 | 000,000,636 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/15 22:17:01 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/10/15 21:56:09 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/10/15 21:36:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/15 20:16:22 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/15 20:16:11 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/15 20:16:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/15 20:16:10 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/15 20:16:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/15 20:16:09 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/30 21:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/05 11:28:58 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2006/06/29 11:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 10:46:56 | 000,004,463 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 10:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/03 23:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/12/02 10:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 12:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 00:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () -- C:\cleanup.exe
[2010/02/18 20:23:32 | 000,077,312 | ---- | M] () -- C:\mbr.exe


< MD5 for: AGP440.SYS >
[2006/03/15 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\SP2\i386\sp2.cab:AGP440.sys
[2006/03/15 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/15 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\SP2\i386\sp2.cab:atapi.sys
[2006/03/15 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: CLEANUP.EXE >
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\cleanup.exe
[2010/02/17 11:10:13 | 000,019,286 | ---- | M] () MD5=D5816BDDD4382975C1693CCE68547FCC -- C:\Avenger\cleanup.exe

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/15 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2006/03/15 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\Chip\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\chip\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\chipset\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\SWSetup\SP33031\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2006/03/15 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

< MD5 for: [2004/08/04 05:59:44 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: [2004/08/04 06:07:42 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2004/08/04 06:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: [2005/10/13 01:07:12 | 000,874,240 | ---- | M] (INTEL CORPORATION) >
[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) -- C:\SWSetup\HDD\iastor.sys
[2005/10/13 01:07:12 | 000,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: [2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA CORPORATION) >
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvata.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\Chip\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\chip\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 07:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\chipset\nvatabus.sys

< MD5 for: [2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA CORPORATION) >
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\SP33031\IDE\Win2K\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\SP33031\IDE\WinXP\sata_ide\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\SP33031\nvata.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\SP33031\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\SP33031\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/27 14:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) -- C:\SWSetup\SP33031\nvatabus.sys

< MD5 for: [2006/03/15 20:00:00 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION) >
[2006/03/15 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: [2006/03/15 20:00:00 | 000,180,224 | ---- | M] (MICROSOFT CORPORATION) >
[2006/03/15 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: [2006/03/15 20:00:00 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2006/03/15 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: [2008/04/13 10:36:38 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: [2008/04/13 10:40:30 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: [2008/04/13 16:11:53 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: [2008/04/13 16:12:01 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: [2008/04/13 16:12:05 | 000,181,248 | ---- | M] (MICROSOFT CORPORATION) >
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< MD5 for: [2009/02/06 10:46:09 | 000,408,064 | ---- | M] (MICROSOFT CORPORATION) >
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: [2010/02/17 11:10:13 | 000,019,286 | ---- | M] () >
[2010/02/17 11:10:13 | 000,019,286 | ---- | M] () -- C:\Avenger\cleanup.exe

< MD5 for: [2010/02/18 19:56:40 | 000,000,000 | ---- | M] () >
[2010/02/18 19:56:40 | 000,000,000 | ---- | M] () -- C:\cleanup.exe

< MD5 for: AGP440.SYS >
[2006/03/15 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\SP2\i386\sp2.cab:AGP440.sys
[2006/03/15 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2006/03/15 12:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\SP2\i386\sp2.cab:atapi.sys
[2006/03/15 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/11 14:12:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\XP\I386\sp2.cab:atapi.sys

< %systemroot%\*. /mp /s >

< End of report >


OTL Extras logfile created on: 2/18/2010 8:24:56 PM - Run 1
OTL by OldTimer - Version 3.1.30.0 Folder = C:\Documents and Settings\William Miller\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 492.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.37 Gb Total Space | 28.38 Gb Free Space | 35.31% Space Free | Partition Type: NTFS
Drive D: | 11.75 Gb Total Space | 1.20 Gb Free Space | 10.19% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC201571947580
Current User Name: William Miller
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mqsvc.exe" = C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\HP Rhapsody\rhapsody.exe" = C:\Program Files\HP Rhapsody\rhapsody.exe:*:Enabled:Rhapsody -- (RealNetworks, Inc.)
"C:\Program Files\Rhapsody\rhapsody.exe" = C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Pavilion Webcam
"{3C5EA394-1033-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 G2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5590FCB1-AA19-4510-9FC1-BB6A8E0A14A5}" = Access Manager 2
"{63A3856B-5C0E-4BC1-B508-629AE74B6BBA}" = HP User Guides 0027
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{74972DF8-DE57-405E-907B-528E3D352155}" = e-Sword
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EC397D90-720E-426D-B381-0A10C6FD5A49}" = HP Pavilion Webcam Demo
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_wis30B5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Quintessential Media Player" = Quintessential Media Player
"Revo Uninstaller" = Revo Uninstaller 1.83
"Screen Shot Deluxe 3.0" = Screen Shot Deluxe 3.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WebTime" = WebTime
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2010 6:20:36 AM | Computer Name = PC201571947580 | Source = ESENT | ID = 455
Description = wuaueng.dll (3676) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 2/6/2010 7:13:26 AM | Computer Name = PC201571947580 | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 2/6/2010 7:58:36 AM | Computer Name = PC201571947580 | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 2/6/2010 8:44:07 AM | Computer Name = PC201571947580 | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 2/6/2010 9:54:32 AM | Computer Name = PC201571947580 | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 2/6/2010 10:37:57 AM | Computer Name = PC201571947580 | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.


Error - 2/17/2010 3:02:37 AM | Computer Name = PC201571947580 | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/18/2010 11:51:59 PM | Computer Name = PC201571947580 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/18/2010 11:52:00 PM | Computer Name = PC201571947580 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/18/2010 11:52:01 PM | Computer Name = PC201571947580 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/17/2010 9:59:26 AM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.

Error - 2/17/2010 10:20:35 AM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 2/17/2010 10:29:26 AM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 2/17/2010 10:30:59 AM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Media Player
Network Sharing Service service to connect.

Error - 2/17/2010 10:30:59 AM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1053

Error - 2/17/2010 10:45:20 AM | Computer Name = PC201571947580 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system
without first being prepared for removal.

Error - 2/17/2010 2:29:56 PM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde Pcmcia ViaIde

Error - 2/17/2010 2:58:21 PM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 2/17/2010 3:02:37 PM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 2/18/2010 11:58:17 PM | Computer Name = PC201571947580 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde Pcmcia ViaIde


< End of report >




Here is the MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully





Thanks, Sam, I need the help.


#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:38 AM

Posted 19 February 2010 - 08:17 AM

Please visit the online Virustotal Virus Scanner
  • Click on Browse button.
  • Navigate to the following file and upload it.


    C:\Avenger\cleanup.exe



  • The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.



Also submit this file.

C:\cleanup.exe




=====================


We Need to check for Rootkits with RootRepeal
  1. Download RootRepeal from the following location and save it to your desktop.
  2. Extract RootRepeal.exe from the archive.
  3. Open on your desktop.
  4. Click the tab.
  5. Click the button.
  6. Check all seven boxes:
  7. Push Ok
  8. Check the box for your main system drive (Usually C:), and press Ok.
  9. Allow RootRepeal to run a scan of your system. This may take some time.
  10. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 bill49miller

bill49miller
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 19 February 2010 - 02:18 PM






Good morning, Sam,


You were up early.


Please NOTE:
I uninstalled AVG and installed Avira on Wednesday morning.
I turned off the Avira Guard function for the scans. Now no matter what I
do I cannot get the Guard function to activate again. Could this be the malware preventing
Avira arming, or should I simply uninstall and reinstall Avira?

Also NOTE:
The last time I ran Avenger (last week I think), in addition to checking the box Scan for Rootkits, I included the script:
"Files to replace with dummy:
C:\cleanup.exe" which Avenger successfully performed.
Crafty Trojan. The hidden process then put the real cleanup.exe into the Avenger folder, apparently. Left the dummy cleanup.exe in place on C:\.




Here is the VirusTotal report on C:\cleanup.exe :

0 bytes size received / Se ha recibido un archivo vacio





Here is the VirusTotal report for c:\Avenger\cleanup.exe :

File cleanup.exe received on 2010.02.17 05:04:32 (UTC)
Current status: finished
Result: 19/39 (48.72%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.17 -
AhnLab-V3 5.0.0.2 2010.02.16 Win-Trojan/Zapchast.19286
AntiVir 8.2.1.170 2010.02.16 -
Antiy-AVL 2.0.3.7 2010.02.17 Trojan/Win32.Zapchast.gen
Authentium 5.2.0.5 2010.02.17 W32/Zapchast.M
Avast 4.8.1351.0 2010.02.16 -
AVG 9.0.0.730 2010.02.16 -
BitDefender 7.2 2010.02.17 -
CAT-QuickHeal 10.00 2010.02.17 Trojan.Zapchast.uy
ClamAV 0.96.0.0-git 2010.02.16 -
Comodo 3963 2010.02.17 TrojWare.Win32.Trojan.Agent.~FLX
DrWeb 5.0.1.12222 2010.02.17 -
eSafe 7.0.17.0 2010.02.16 Win32.Banker
eTrust-Vet 35.2.7307 2010.02.16 Win32/Crykee.A
F-Prot 4.5.1.85 2010.02.16 W32/Zapchast.M
F-Secure 9.0.15370.0 2010.02.17 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.17 -
Ikarus T3.1.1.80.0 2010.02.17 -
Jiangmin 13.0.900 2010.02.16 Trojan/Zapchast.gd
K7AntiVirus 7.10.974 2010.02.15 Trojan.Win32.Zapchast.uy
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5894 2010.02.16 ZapChast.gen
McAfee+Artemis 5894 2010.02.16 ZapChast.gen
Microsoft 1.5406 2010.02.17 -
NOD32 4872 2010.02.16 -
Norman 6.04.08 2010.02.16 W32/Zapchast.CTP
nProtect 2009.1.8.0 2010.02.16 Trojan/W32.Zapchast.19286
Panda 10.0.2.2 2010.02.16 Trj/SMSlock.C
PCTools 7.0.3.5 2010.02.17 -
Rising 22.34.01.03 2010.02.11 Trojan.Win32.Generic.51ECA4EB
Sophos 4.50.0 2010.02.17 -
Sunbelt 5682 2010.02.17 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.02.17 -
TheHacker 6.5.1.4.197 2010.02.17 Trojan/Zapchast.uy
TrendMicro 9.120.0.1004 2010.02.17 -
VBA32 3.12.12.2 2010.02.16 -
ViRobot 2010.2.17.2189 2010.02.17 -
VirusBuster 5.0.21.0 2010.02.16 Trojan.Zapchast.AAD
Additional information
File size: 19286 bytes
MD5 : d5816bddd4382975c1693cce68547fcc
SHA1 : 619e67d565bb4e5ce9557aff4e0a3bdf8d11b74d
SHA256: 1ae97262a5b5e5441cfd323d417bbf1ffc098b3f89511dede3acae0a9674dc09
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1270
timedatestamp.....: 0x47015CEB (Mon Oct 1 22:47:39 2007)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xB54 0xC00 5.48 44d933106a3edaa1ea0923e3a590d81c
.data 0x2000 0x40 0x200 0.24 fd6aedd25b4af2b3e63bd6a47ce9e869
.rdata 0x3000 0x110 0x200 3.43 2b91466a78f8053670b02931f12fe86c
.bss 0x4000 0xB0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x5000 0x380 0x400 3.83 c2b2c447c07b3bf718dd3b2d768b44f4
.rsrc 0x6000 0x228 0x400 3.30 ce174c9e8e0a5273c9bff5ec5041bada

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md...1693cce68547fcc
ssdeep: 192:eM9alm1rkmlxiIHP9JXRJl46jU17jyFg97CDi:eEkQxFHP9/Jl46j8mi9OW
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Prevx Info: http://info.prevx.com/aboutprogramtext.asp...3C94B0093EF2759
PEiD : Dev-C++ 4.9.9.2 -> Bloodshed Software
PDFiD : ['-', None, None]
CWSandbox: http://research.sunbelt-software.com/partn...1693cce68547fcc
RDS : NSRL Reference Data Set
-






I used .rar and downloaded RootRepeal to the desktop.
Here is the RootRepeal text:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/19 09:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: cdrpdacc.sys
Image Path: C:\Program Files\Quintessential Media Player\cdrpdacc.sys
Address: 0xF7A25000 Size: 4800 File Visible: - Signed: No
Status: -

Name: dump_nvata.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0xECAD6000 Size: 102400 File Visible: No Signed: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A13000 Size: 8192 File Visible: No Signed: No
Status: -

Name: mqac.sys
Image Path: C:\WINDOWS\system32\drivers\mqac.sys
Address: 0xBA0D1000 Size: 91776 File Visible: - Signed: No
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7717000 Size: 20000 File Visible: - Signed: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9C77000 Size: 49152 File Visible: No Signed: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\pagefile.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Temp\etilqs_5wI1Vfquh8wkELUaRfmU
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Documents and Settings\William Miller.PC201571947580\Local Settings\Temp\etilqs_Vq3aqP8iMbwGRkyqXcHq
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

==EOF==



Sam, Thank you,

Bill
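
The "PEInfo" block in the VirusTotal report above (entry point, timestamp, machine type, and a per-section table of size, entropy and MD5) can be reproduced locally before a file ever leaves the machine, which helps confirm that the sample you submit is the one you meant to. The script below is an added example, not part of this thread and not VirusTotal's code; the tiny PE it builds is constructed inline with header values borrowed from the report (0x1270, 0x14C, 0x47015CEB) and contains no program code at all, so it is not the cleanup.exe under discussion.

```python
import hashlib
import math
import struct

def build_sample_pe() -> bytes:
    """Constructed sample: a minimal, inert PE32 image (DOS header, PE headers, three
    section headers, raw section data). It is not a real program and not the thread's file."""
    sections = [  # (name, VirtualSize, VirtualAddress, raw bytes)
        (b".text", 0xB54, 0x1000, bytes(range(256))),  # every byte value once -> entropy 8.0
        (b".data", 0x40, 0x2000, b"\x00" * 512),        # constant bytes -> entropy 0.0
        (b".bss", 0xB0, 0x4000, b""),                   # uninitialised data: raw size 0
    ]
    e_lfanew, opt_size = 0x80, 224                      # PE32 optional header is 224 bytes
    raw_off = (e_lfanew + 24 + opt_size + 40 * len(sections) + 0x1FF) & ~0x1FF
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", e_lfanew)        # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x47015CEB, 0, 0, opt_size, 0x010F)
    opt = bytearray(opt_size)
    opt[0:2] = struct.pack("<H", 0x10B)                 # PE32 magic
    opt[16:20] = struct.pack("<I", 0x1270)              # AddressOfEntryPoint
    table, blobs, ptr = bytearray(), bytearray(), raw_off
    for name, vsize, vaddr, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw),
                             ptr if raw else 0, 0, 0, 0, 0, 0)
        blobs += raw
        ptr += len(raw)
    img = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)
    return img + b"\0" * (raw_off - len(img)) + bytes(blobs)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_summary(image: bytes) -> dict:
    """Reproduce the 'base data' and section table of a VirusTotal PEInfo block."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff_off)
    opt_off = coff_off + 20
    (entry,) = struct.unpack_from("<I", image, opt_off + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        hdr = opt_off + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, hdr)
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""   # raw size 0 -> hash of nothing
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "viradd": vaddr, "virsiz": vsize, "rawdsiz": rawsize,
                         "ntrpy": round(shannon_entropy(raw), 2),
                         "md5": hashlib.md5(raw).hexdigest()})
    return {"md5": hashlib.md5(image).hexdigest(), "sha256": hashlib.sha256(image).hexdigest(),
            "machine": machine, "timedatestamp": tstamp, "entrypoint": entry,
            "sections": sections}

def high_entropy_sections(summary: dict, threshold: float = 7.0) -> list:
    """Section names whose entropy is high enough to suggest packed or encrypted content."""
    return [s["name"] for s in summary["sections"] if s["ntrpy"] >= threshold]

if __name__ == "__main__":
    info = pe_summary(build_sample_pe())   # or pe_summary(open(path, "rb").read()) for a real file
    for s in info["sections"]:
        print(f"{s['name']:8} 0x{s['viradd']:X} 0x{s['virsiz']:X} 0x{s['rawdsiz']:X} {s['ntrpy']:.2f} {s['md5']}")
    print("entrypoint 0x%X, high-entropy sections: %s" % (info["entrypoint"], high_entropy_sections(info)))
```

A section whose raw size is 0, like .bss in the report, is hashed as empty input, which is why the MD5 of nothing (d41d8cd98f00b204e9800998ecf8427e) appears on that row; the report's .text entropy of 5.48 is typical of plain compiled code, whereas values near 8 usually mean the section is packed or encrypted.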





#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:38 AM

Posted 19 February 2010 - 05:23 PM

I don't know much about Avira I'm afraid. Never used it myself. I don't think malware is preventing it from running properly.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Please post the contents of the log from DrWeb in your next reply.



========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:38 AM

Posted 24 February 2010 - 08:39 AM

Hey Bill! Are you still with me?


========================================================

#13 bill49miller

bill49miller
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 27 February 2010 - 02:39 PM

Hello Sam,
Sorry it has taken me so long to get back to you. I had to shut down my home wireless internet.
The guy behind the trojan won.

The morning after you asked me to run DrWebCleanup, I went to post the results (trojans detected, not able to delete them). As I was typing in notepad, I saw that my keyboard was in Spanish, not English (Spanish characters when ; was hit, z when y was hit, y when z was hit, etc). I checked the system tray, which still indicated English.
I checked the Windows Firewall, still running, but more exceptions which I did not recognize, and in the Advanced page Remote Desktop, Remote File Sharing, and Remote Access enabled (none of which I had ever enabled on any computer I owned). I went into services, but I could not disable any of those (grayed out). I found another user id created on the computer, my name with a number. We were penetrated deeply.

I started typing into notepad for you those findings, and the keyboard suddenly reverted back to English. It was as if someone was watching over my shoulder at what I was typing.

So I went to the wireless router and cable modem and literally pulled the plug on them both. Since the computer had a lot of our personal information on it, I went into damage control mode and called the bank and put a fraud alert with Experian, began changing user ids and passwords from the public library computer when I had a day off from work (cannot access the web from our computer at work).


I spoke with our IT tech at work, and he advised me that once inside our home wireless network, the intruder had access to all three of our computers, and all three were probably infected (he was right), and so I should back up the data, reformat and reinstall Windows XP on each one. Another friend advised me to replace the cable modem and wireless router so that the MAC address would be different on the web (I do not know about this). Another said that I should call Comcast and have them reassign to me a new IP address (do not know about this either). All this is well above my level of expertise. The IT tech at work also said I should set up the home network manually with each home computer assigned a specific IP address, so no one can add another computer to the network, but I do not know how to do this. I will try to find someone who knows how to do these things. Meanwhile I have been gone away at work a lot too.

Anyway, I am grateful for your help. I will donate to bleepingcomputer when I have a new credit card and Paypal account to enable online transactions.

Thanks,

Bill

Edited by bill49miller, 27 February 2010 - 02:46 PM.


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:38 AM

Posted 28 February 2010 - 11:38 AM

Hmmmm. . . . ok. Sounds like you got it all sorted out.
Thank you for following up with me.



Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.




========================================================



