Trojan.Agent and Trojan.Vundo


  • This topic is locked
27 replies to this topic

#1 mr.flibble

Posted 08 March 2010 - 03:07 AM

Hi,

On my old XP desktop that I just got running again, I found Trojan.Agent and Trojan.Vundo were present. As many others have noted, Malwarebytes' Anti-Malware isn't removing them successfully even though the app says they are getting quarantined. Anyhow, any help would be greatly appreciated.

Here are the logs for DDS, Malwarebytes Anti-Malware, and HijackThis from when I ran them earlier today. I would have posted a log for GMER but the system kept freezing when saving the log after being run.

Thanks,

-e

====================================================================


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 16:37:15.60 on Sun 03/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.276 [GMT -8:00]

AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sfgate.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=US&language=en&PURCH_DT_MONTH=01&PURCH_DT_DAY=01&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=CNH61912DK&application=305&modelID=EX272AA&LF=blue
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: HpWebHelper: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: ICQ Toolbar: {855f3b16-6d32-4fe6-8a56-bbb695989046} -
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WinMem] c:\program files\wincleaner memory optimizer\WinMemOpt.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [hgdaaadrv] rundll32.exe "byvwwt.dll",s
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [efdcdedrv] rundll32.exe "byvwwt.dll",s
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267250607906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {1AD773FB-91FD-4671-A270-72CA1FA19973} = 68.87.76.178,68.87.78.130
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\progra~1\dvdreg~1\DVDShell.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\fx4zvjn2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sfgate.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-25 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-25 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-1 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-8 29512]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-1 242696]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-4 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-4 5888008]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2008-5-1 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-25 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-25 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-25 26120]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2005-12-31 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-26 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2008-5-1 30104]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-27 14424]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-3-18 15576]

=============== Created Last 30 ================

2010-03-07 00:44:15 0 d-----w- C:\ComboFix
2010-03-06 21:26:27 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-06 21:26:25 0 d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-06 21:26:23 0 d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-06 21:26:20 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-05 01:27:28 0 ----a-w- c:\documents and settings\hp_administrator\defogger_reenable
2010-03-04 20:53:30 311296 ----a-w- c:\windows\~DF8AD2.tmp
2010-03-04 19:44:34 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-04 19:38:52 0 d-----w- c:\windows\ERUNT
2010-03-04 19:32:03 0 d-----w- C:\SDFix
2010-03-04 19:11:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-03 07:19:51 0 d-----w- c:\docume~1\hp_adm~1\applic~1\AVG9
2010-03-03 05:15:38 98816 ----a-w- c:\windows\sed.exe
2010-03-03 05:15:38 77312 ----a-w- c:\windows\MBR.exe
2010-03-03 05:15:38 261632 ----a-w- c:\windows\PEV.exe
2010-03-03 05:15:38 161792 ----a-w- c:\windows\SWREG.exe
2010-03-03 05:14:41 99840 ---ha-w- c:\windows\system32\byvwwt.dll
2010-03-02 19:18:13 0 d-----w- c:\program files\Trend Micro
2010-03-02 18:48:31 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2010-03-02 18:48:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 18:48:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-02 18:48:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 18:47:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 23:53:05 0 ----a-w- c:\windows\system32\eFax_4_4_Port
2010-03-01 23:53:04 0 d-----w- c:\docume~1\alluse~1\applic~1\eFax Messenger 4.4 Output
2010-03-01 23:52:19 0 d-----w- c:\program files\eFax Messenger 4.4
2010-03-01 23:52:09 0 d-----w- c:\docume~1\hp_adm~1\applic~1\j2 Global
2010-03-01 21:42:27 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-27 23:28:57 0 d-----w- c:\program files\PeerBlock
2010-02-27 22:57:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Auslogics
2010-02-27 21:52:32 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-27 21:52:32 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-02-27 21:02:22 0 d-----w- C:\INVENTION_OF_LYING
2010-02-27 07:35:11 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-27 07:16:59 0 d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2010-02-27 07:16:18 0 d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-02-27 06:53:53 0 d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-02-27 06:39:37 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-27 06:39:16 0 d-----w- c:\windows\ie8updates
2010-02-27 06:38:36 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-27 06:38:34 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-27 06:35:24 0 dc-h--w- c:\windows\ie8
2010-02-27 00:51:03 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-02-26 06:09:14 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Auslogics
2010-02-26 06:08:36 0 d-----w- c:\program files\Auslogics
2010-02-26 05:33:17 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-26 05:33:17 0 d-----w- C:\$AVG
2010-02-26 05:32:28 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-26 05:31:48 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-26 05:31:00 0 d-----w- c:\windows\SxsCaPendDel
2010-02-26 05:29:16 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-26 05:29:16 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-26 05:28:56 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-02-26 05:28:56 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-26 05:28:56 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-02-26 05:28:56 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-02-26 05:28:56 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-26 05:28:56 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-02-26 05:28:55 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-02-26 05:28:55 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-02-26 05:28:19 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-26 05:28:07 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-02-26 05:26:14 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-26 05:18:15 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-26 05:18:14 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-02-26 05:18:14 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-02-26 05:06:52 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

==================== Find3M ====================

2010-03-04 21:43:24 3402 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-04 19:11:31 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 19:06:17 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-02 18:20:45 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-03-02 18:20:45 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-26 05:31:58 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-26 05:31:58 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-05 10:00:21 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-12-21 19:14:05 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-12-21 19:14:04 5942784 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-12-21 19:14:04 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-12-21 19:14:03 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 19:14:03 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 19:14:03 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-12-21 19:14:03 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 19:14:03 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-12-21 19:14:02 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 19:14:01 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2006-09-04 04:48:28 88 --sh--r- c:\windows\system32\882D662BFB.sys
2008-09-01 18:17:41 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 16:37:31.21 ===============

Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/7/2010 4:08:09 PM
mbam-log-2010-03-07 (16-08-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 384036
Time elapsed: 2 hour(s), 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iiigfedrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yaxxvudrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vtutrrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vtutrrdrv (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

==========================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:17 PM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/servlet/WebReg.serv...2AA&LF=blue
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [efdcdedrv] rundll32.exe "byvwwt.dll",s
O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hgdaaadrv] rundll32.exe "byvwwt.dll",s
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1267250607906
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AD773FB-91FD-4671-A270-72CA1FA19973}: NameServer = 68.87.76.178,68.87.78.130
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 13295 bytes




#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 10 March 2010 - 07:21 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I
would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

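As an added example that is not part of this thread, here is the kind of check a helper does by eye on the O4 entries in these logs: group registry Run entries by the module they load and flag a module registered under several different value names, or loaded by rundll32 from a bare filename instead of a full path. The sample lines are constructed from the HijackThis and OTL logs posted in this thread; the function and variable names are the example's own.

```python
"""Triage O4 (registry Run) entries from HijackThis / OTL logs.

Added example, not part of the BleepingComputer thread. Two indicators are
reported: one module registered under more than one value name (legitimate
software normally keeps a single, stable value name), and a module loaded by
rundll32 from a bare filename, which is resolved through the DLL search path.
"""
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the HijackThis and OTL logs in this
# thread; both tools' formats are mixed in on purpose.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [efdcdedrv] rundll32.exe "byvwwt.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hgdaaadrv] rundll32.exe "byvwwt.dll",s
O4 - Global Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - HKLM..\Run: [geefdbdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-18..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [tutuvudrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
"""

# Registry Run entries as HijackThis ("HKLM\..\Run:") and OTL ("HKLM..\Run:") print them.
RUN_LINE = re.compile(r"^O4 - (?P<hive>.+?)\\?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# A module basename: \w and - exclude backslashes, so only the file name matches.
MODULE = re.compile(r"[\w\-]+\.(?:dll|exe)", re.IGNORECASE)
LOADER = "rundll32.exe"


def parse_run_entries(log_text):
    """Yield (hive, value_name, command) for each registry Run entry."""
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd")


def loaded_module(cmd):
    """Return (module, is_bare): the module the command really loads, and whether
    it is named without a directory (left to the loader's search path)."""
    for m in MODULE.finditer(cmd):
        mod = m.group(0)
        if mod.lower() == LOADER:
            continue  # rundll32 is only the host; look at what it loads
        is_bare = m.start() == 0 or cmd[m.start() - 1] != "\\"
        return mod.lower(), is_bare
    return None, False


def triage(log_text):
    """Group Run entries by loaded module and report the two indicators."""
    names_by_module = defaultdict(set)
    bare_loads = []
    for _hive, name, cmd in parse_run_entries(log_text):
        mod, is_bare = loaded_module(cmd)
        if mod is None:
            continue  # e.g. "[] File not found"
        names_by_module[mod].add(name)
        if is_bare:
            bare_loads.append((name, mod))
    multi_name = {mod: sorted(names) for mod, names in names_by_module.items()
                  if len(names) > 1}
    return {"multi_name": multi_name, "bare_module": bare_loads}


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for mod, names in findings["multi_name"].items():
        print(f"{mod}: registered under {len(names)} value names: {', '.join(names)}")
    for name, mod in findings["bare_module"]:
        print(f"[{name}] loads {mod} by bare filename (no directory)")
```

On the sample, NvMcTray.dll appears in both tools' output but under the single value name NvMediaCenter, so it is not flagged; byvwwt.dll is flagged on both counts.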


#3 mr.flibble

mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 14 March 2010 - 01:50 AM

Thanks. Here are the OTL and Extras log files.

OTL logfile created on: 3/13/2010 10:07:32 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 281.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.08 Gb Total Space | 21.41 Gb Free Space | 9.55% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.44 Gb Free Space | 5.05% Space Free | Partition Type: FAT32
Drive E: | 89.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.65 Gb Total Space | 339.40 Gb Free Space | 72.89% Space Free | Partition Type: FAT32
Drive K: | 931.51 Gb Total Space | 632.66 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
Drive N: | 968.38 Mb Total Space | 694.41 Mb Free Space | 71.71% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/13 21:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/03/04 11:11:03 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/04 11:10:58 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/04 11:10:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 11:08:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/04 11:07:00 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 11:06:16 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/04 11:05:51 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/04 11:04:18 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/26 16:11:14 | 008,318,056 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/01/07 16:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam-renamed.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/07 12:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 12:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/18 15:29:19 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/03 11:04:16 | 000,507,392 | ---- | M] (Businesss Logic Corporation) -- C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
PRC - [2006/05/06 12:31:20 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/03/20 01:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/15 18:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/15 18:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/15 18:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/02 15:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/03/14 12:39:06 | 000,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZinw12.exe


========== Modules (SafeList) ==========

MOD - [2010/03/13 21:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2004/10/09 14:18:02 | 000,049,152 | ---- | M] (Fengtao Software Inc.) -- C:\Program Files\DVD Region+CSS Free\DVDShell.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/13 17:38:46 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 11:10:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 11:08:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 11:07:00 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/02 15:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/03/04 11:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/04 11:10:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 11:09:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/04 11:09:10 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/04 11:09:10 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/04 11:09:09 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/04 11:06:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 11:04:21 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/25 21:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/25 21:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/09/28 02:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/12/04 05:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/30 18:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/25 05:29:00 | 004,623,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/22 23:07:23 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/09/23 08:13:28 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/05/09 21:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/03 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/16 22:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/18 11:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2005/03/09 06:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/16 16:41:30 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/12/16 16:40:04 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2004/08/03 06:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sfgate.com/"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.6.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8bc5b5eb-0ec4-46ed-a024-ace8a3032888}:4.2.3
FF - prefs.js..extensions.enabledItems: {EB8ABF49-0290-410f-BDF2-2F13A38112AB}:0.5.4
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.024
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8088
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8088
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8088
FF - prefs.js..network.proxy.no_proxies_on: "*.r2.attbi.com"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8088
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8088


FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2007/09/22 11:22:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2010/03/13 17:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\Program Files\eMusic Remote\remoteExt [2007/09/22 11:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/04 12:11:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 17:46:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/26 16:11:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/26 23:40:55 | 000,000,000 | ---D | M]

[2010/02/25 21:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/03/13 20:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions
[2010/02/26 10:05:59 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/27 10:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/07/03 14:43:46 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2010/02/26 10:05:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/09/19 16:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2008/10/16 09:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2008/10/16 09:01:06 | 000,000,000 | ---D | M] (PhishTank SiteChecker) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888}
[2010/03/02 11:12:05 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2008/02/02 09:13:01 | 000,000,000 | ---D | M] (Message Level Authentication) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{A2F388E5-2777-454e-85BB-58E6FB48E690}
[2010/03/13 20:17:28 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/26 10:05:57 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/02/26 10:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/02/26 10:05:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2007/09/19 16:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{EB8ABF49-0290-410f-BDF2-2F13A38112AB}
[2010/02/25 21:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\unplug@compunach
[2007/09/19 16:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\videodowloader@videodownloader.net
[2010/03/12 17:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 19:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/08/01 01:30:56 | 000,532,480 | ---- | M] (Lizardtech Software) -- C:\Program Files\Mozilla Firefox\plugins\npexview.dll
[2007/06/01 15:51:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/05/23 16:19:18 | 000,418,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/03/13 14:45:53 | 000,000,057 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.1.100 HP000D9D272E9B
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [geefdbdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-18..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [tutuvudrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe (Businesss Logic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://maps.ci.redding.ca.us/redding_pub/h...ps/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1267250607906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 12:45:52 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/02/16 19:22:11 | 000,000,033 | -HS- | M] () - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 11:13:14 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/13 21:36:50 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/13 18:35:54 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2010/03/13 18:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/03/13 17:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/03/13 17:20:49 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2010/03/13 16:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Adobe Acrobat 9 Std
[2010/03/13 16:33:31 | 332,276,208 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\ACRO9_Win_WEB_WWEFG.exe
[2010/03/13 16:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Download Manager
[2010/03/13 14:47:06 | 000,139,345 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt12.dll
[2010/03/13 14:46:00 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/03/13 13:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads
[2010/03/11 11:16:33 | 003,130,625 | ---- | C] (Autodesk) -- C:\Documents and Settings\HP_Administrator\Desktop\MgControl6.5SP1.exe
[2010/03/09 17:10:36 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 17:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/06 19:01:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/06 16:44:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/06 13:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/03/06 13:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/03/06 13:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/03/06 13:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/03/04 17:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2010/03/04 12:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2010/03/04 11:44:34 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/03/04 11:38:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/03/04 11:32:03 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/03/04 11:11:00 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/02 23:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG9
[2010/03/02 21:15:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/02 21:15:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/02 21:15:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/02 21:15:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/02 21:14:41 | 000,099,840 | -H-- | C] (RealWorld Graphics) -- C:\WINDOWS\System32\byvwwt.dll
[2010/03/02 21:13:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/02 21:13:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/02 20:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/02 19:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/03/02 19:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 19:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/02 16:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\XDelBox
[2010/03/02 11:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/02 11:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/02 10:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/03/02 10:48:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 10:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 10:48:00 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 10:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 10:46:40 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HIJACKTHISINSTALLER.EXE
[2010/03/02 09:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/01 15:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/03/01 15:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\eFax Messenger 4.4
[2010/03/01 15:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/03/01 15:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\j2 Global
[2010/02/27 15:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/02/27 14:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/02/27 13:52:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/27 13:52:32 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/27 13:05:52 | 006,523,624 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\HP_Administrator\Desktop\boost-speed-setup.exe
[2010/02/27 13:02:22 | 000,000,000 | ---D | C] -- C:\INVENTION_OF_LYING
[2010/02/26 23:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/26 23:16:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IECompatCache
[2010/02/26 23:16:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\PrivacIE
[2010/02/26 22:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/26 22:53:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IETldCache
[2010/02/26 22:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/26 22:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/26 22:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/26 22:35:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/25 22:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Auslogics
[2010/02/25 22:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/02/25 21:33:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/25 21:33:17 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/25 21:32:28 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/25 21:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/25 21:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/25 21:29:16 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/25 21:29:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/25 21:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/25 21:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/25 21:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/25 21:23:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/25 21:23:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/25 21:23:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/25 21:06:52 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/05/01 16:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/05 19:30:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[2006/09/03 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2006/09/03 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2006/02/19 02:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/13 22:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/13 21:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/13 20:19:05 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/03/13 20:14:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 20:11:53 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/13 20:11:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/13 20:11:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/13 20:11:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 20:11:07 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/13 20:09:00 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/03/13 20:09:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/03/13 18:35:40 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/03/13 17:55:42 | 057,079,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/13 17:48:48 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 17:13:00 | 000,068,938 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2010/03/13 17:10:06 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/13 16:37:02 | 332,276,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\ACRO9_Win_WEB_WWEFG.exe
[2010/03/13 14:45:53 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/13 14:45:36 | 000,000,147 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/03/13 14:45:26 | 000,000,728 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2010/03/13 13:00:58 | 000,571,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/03/12 09:10:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/03/12 08:00:32 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/03/11 11:16:34 | 003,130,625 | ---- | M] (Autodesk) -- C:\Documents and Settings\HP_Administrator\Desktop\MgControl6.5SP1.exe
[2010/03/11 07:27:49 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/06 17:06:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/06 13:30:38 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/03/06 12:13:20 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 17:33:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/04 17:28:22 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/04 17:27:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/04 17:27:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/03/04 13:43:24 | 000,003,402 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 11:44:34 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/03/04 11:20:18 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SDFix.exe
[2010/03/04 11:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/04 11:11:00 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/04 11:10:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/04 11:09:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/03/04 11:06:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/04 11:04:21 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/02 21:14:44 | 000,099,840 | -H-- | M] (RealWorld Graphics) -- C:\WINDOWS\System32\byvwwt.dll
[2010/03/02 21:14:20 | 003,876,891 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/03/02 20:09:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/02 15:56:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/02 13:07:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\qr9so97j.exe
[2010/03/02 11:18:39 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/03/02 10:46:46 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HIJACKTHISINSTALLER.EXE
[2010/03/02 10:20:45 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/01 16:29:16 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 16:21:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/03/01 16:01:38 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 16:01:38 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Compose Fax 4.4.lnk
[2010/03/01 16:01:38 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Messenger 4.4.lnk
[2010/02/27 15:28:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PeerBlock.lnk
[2010/02/27 13:08:26 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics BoostSpeed.lnk
[2010/02/27 13:05:59 | 006,523,624 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\HP_Administrator\Desktop\boost-speed-setup.exe
[2010/02/27 11:30:36 | 001,239,310 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ClearLooks_2_2.zip
[2010/02/26 23:47:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/26 22:51:05 | 002,647,594 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/02/26 21:38:55 | 000,525,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/26 21:38:55 | 000,443,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/26 21:38:55 | 000,072,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/25 22:39:00 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\20050225110725000_SM730B.exe
[2010/02/25 22:08:38 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics Registry Cleaner.lnk
[2010/02/25 21:32:33 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/25 21:32:30 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/25 21:32:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/25 21:31:58 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/25 21:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/25 21:07:46 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 17:17:55 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/03/13 14:45:36 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/03/13 14:45:11 | 000,000,728 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/03/13 14:40:16 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/03/13 14:40:16 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/03/07 16:33:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/03/07 16:33:38 | 000,000,538 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/03/04 17:33:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/04 17:28:21 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/04 17:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/04 17:27:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/03/04 12:12:40 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 11:20:16 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SDFix.exe
[2010/03/02 21:15:38 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/02 21:15:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/02 21:15:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/02 21:15:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/02 21:15:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/02 13:06:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\qr9so97j.exe
[2010/03/02 11:45:11 | 003,876,891 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/03/02 11:18:39 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/03/01 16:29:08 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 15:53:53 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 15:53:53 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Compose Fax 4.4.lnk
[2010/03/01 15:53:53 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Messenger 4.4.lnk
[2010/03/01 15:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/02/27 15:28:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PeerBlock.lnk
[2010/02/27 13:08:26 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics BoostSpeed.lnk
[2010/02/27 11:30:29 | 001,239,310 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ClearLooks_2_2.zip
[2010/02/26 22:51:10 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 22:51:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/25 22:51:02 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/25 22:38:35 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\20050225110725000_SM730B.exe
[2010/02/25 22:08:38 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics Registry Cleaner.lnk
[2010/02/25 21:32:30 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2007/04/01 13:06:15 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\mgc32.dll
[2007/03/05 19:30:22 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
[2007/03/05 19:30:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
[2007/03/05 19:30:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2007/03/05 19:30:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2007/01/04 16:09:42 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\FixVTS.ini
[2006/12/30 11:33:51 | 000,087,965 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/12/30 11:33:51 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/12/30 11:32:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/27 05:42:29 | 002,691,534 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Penbank.tif
[2006/09/23 08:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/09/20 21:59:52 | 000,418,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\temp.bmp
[2006/09/20 21:56:21 | 000,339,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\image.raw
[2006/09/11 19:40:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2006/09/11 07:59:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/10 20:31:27 | 000,006,675 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/09/10 20:31:27 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/10 06:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dm.ini
[2006/09/10 06:42:27 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeDLM.log
[2006/09/09 18:33:54 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/09 18:33:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/03 20:44:15 | 000,003,402 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/03 20:44:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\882D662BFB.sys
[2006/08/23 01:33:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/08/23 01:33:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/05/06 13:15:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 12:54:04 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/06 12:48:44 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/06 12:48:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/06 12:46:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/06 12:43:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/06 12:32:38 | 000,000,114 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/06 12:31:59 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/06 12:17:49 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/06 12:16:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/06 12:13:45 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/06 12:13:45 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/06 12:13:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/06 12:13:45 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/06 12:13:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/06 12:13:45 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/06 12:13:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/06 12:12:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/06 11:51:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/06 11:51:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/06 11:51:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/18 05:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/17 09:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/25 03:12:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/25 03:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/01 00:55:35 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 00:45:06 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/01/01 00:03:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/12/31 23:22:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JPR.{PB
[2005/12/31 23:22:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JCM.{PB
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 15:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/03/18 11:02:04 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/27 01:35:06 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\theavimenu.dll
[2004/07/25 23:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 05:11:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/10/06 11:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 16:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2002/10/04 16:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 16:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[12 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/09 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/01 09:40:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/09 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/09/01 09:40:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/09 20:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/01 09:40:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/09 13:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/09/01 09:40:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/03/02 10:20:45 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/02 10:20:45 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/03/02 10:20:45 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/16 22:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/16 22:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/09 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/09 13:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 16:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/09 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< >
< End of report >


===========================

OTL Extras logfile created on: 3/13/2010 10:07:32 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 281.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.08 Gb Total Space | 21.41 Gb Free Space | 9.55% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.44 Gb Free Space | 5.05% Space Free | Partition Type: FAT32
Drive E: | 89.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.65 Gb Total Space | 339.40 Gb Free Space | 72.89% Space Free | Partition Type: FAT32
Drive K: | 931.51 Gb Total Space | 632.66 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
Drive N: | 968.38 Mb Total Space | 694.41 Mb Free Space | 71.71% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}" = Windows Live Sign-in Assistant
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}" = muvee autoProducer 5.0
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{49A1C20C-C2CF-4AD0-BA0B-ABD96CDA9B29}" = Autodesk MapGuide Viewer, Java Edition
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4F8D44E7-3F47-4002-AE6A-BCB6A46A1788}" = Lizardtech Express View Browser Plug-in
"{5392136D-EF88-415D-82B6-628C00EFDADA}" = IntelliMover
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5EE7320A-EC09-4545-ACC3-823A246DD85A}" = TMPGEnc 4.0 XPress Trial Version
"{5F5AC805-11C7-4B84-80F5-E42F8470271A}" = Lightscribe Extended Label Contrast Utility
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7F6FD4DB-C282-4397-9CC2-BF717CA1DDA3}" = GeoPDF Toolbar 3.0.1
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Premium
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2CC3642-9B1F-428B-B207-48586724754B}" = Garmin Communicator Plugin
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide® Viewer ActiveX Control Release 6.5
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EDA65CE3-5871-41B4-8E42-B21619F2C986}" = MapSource - US Topo 24K National Parks, West v3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FCE50DB8-C610-4C42-BE5C-193F46C6F812}" = Windows Live Messenger
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"ActMon Password Recovery XP_is1" = ActMon Password Recovery XP V4.03
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Atomic Clock Sync" = Atomic Clock Sync
"AVG9Uninstall" = AVG 9.0
"Avi Speed Info" = Avi Speed Info (remove only)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Binary Vortex_is1" = Binary Vortex v4.2
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2006-12-15
"dBpowerAMP" = dBpowerAMP
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DISCover" = DISCover
"DjVu" = Lizardtech DjVu Control (autoinstall)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Region+CSS Free_is1" = DVD Region+CSS Free 5.9.8.3
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD to VCD SVCD AVI Converter 2.05_is1" = DVD to VCD SVCD AVI Converter 2.05
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
"eMusic Remote" = eMusic Remote 1.0
"EncFlac" = EncFlac 1.1.2
"EncVorbis" = EncVorbis 1.1
"Exact Audio Copy" = Exact Audio Copy 0.95b4
"Google Updater" = Google Updater
"GrabIt_is1" = GrabIt 1.6.2 Beta (build 940)
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP Game Console" = HP Game Console
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ICQLite" = ICQ 5.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{EDA65CE3-5871-41B4-8E42-B21619F2C986}" = MapSource - US Topo 24K National Parks, West v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.0
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.39
"MP4 Converter 3" = MP4 Converter 3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVApplication1" = SureThing CD Labeler 4 SE
"Netscape Browser" = Netscape Browser (remove only)
"NewsBinGN" = NewsBin for Giganews
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Password Recovery Pro Demo" = Password Recovery Pro Demo
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PeerGuardian_is1" = PeerGuardian 2.0
"PenScanner Twain Driver 8.0 Build 120" = PenScanner Twain Driver 8.0 Build 120
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QuadSucker/News_is1" = QuadSucker/News v 4.8
"RealPlayer 6.0" = RealPlayer
"SLABCOMM&10C4&EA60" = CP210x USB to UART Bridge Controller
"Soulseek" = SoulSeek Client 156c
"SpotAuditor_is1" = SpotAuditor 3.6.2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST6UNST #1" = NewsShark
"Tag&Rename_is1" = Tag&Rename 3.3.5
"Theorica Divx ;-) Codecs" = Theorica Divx ;-) Codecs (remove only)
"Trillian" = Trillian
"uTorrent" = µTorrent
"Video Converter 3" = Video Converter 3
"Vidmex" = Vidmex 1.3
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinCleanerMemOptimizer_is1" = WinCleaner Memory Optimizer Version 5.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT004613" = Tornado Jockey
"WT005513" = Super Granny
"WT005515" = Polar Bowler
"WT005517" = Blasterball 2 Remix
"WT005518" = Polar Golfer
"WT005519" = Ricochet Lost Worlds
"WT005520" = Blackhawk Striker 2
"WT005521" = Blasterball 2 Revolution
"WT005523" = Tradewinds
"WT005524" = Bounce Symphony
"WT005630" = Alien Outbreak 2
"WT005631" = Fairies
"WT005632" = Snowy The Bears Adventure
"WT005634" = Bejeweled 2 Deluxe
"WT005635" = Big Kahuna Reef
"WT005636" = Bookworm Deluxe
"WT005637" = Chuzzle Deluxe
"WT005638" = Diner Dash
"WT005639" = Family Feud
"WT005640" = Flip Words
"WT005641" = Insaniquarium Deluxe
"WT005642" = Jewel Quest
"WT005643" = Mah Jong Quest
"WT005644" = Mystery Case Files
"WT005645" = Poker Superstars
"WT005646" = SCRABBLE
"WT005647" = Slingo Deluxe
"WT005648" = Tennis Titans
"WT006069" = FATE
"WT006072" = Ancient Sudoku
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2010 7:07:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 490
Description = svchost (1492) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/12/2010 7:07:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 439
Description = Catalog Database (1492) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb. Error
-1032.

Error - 3/12/2010 7:07:36 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 473
Description = Catalog Database (1492) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

Error - 3/13/2010 6:07:15 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 490
Description = svchost (1660) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/13/2010 6:27:59 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application hpdj00.exe, version 2.335.5.0, faulting module
unknown, version 0.0.0.0, fault address 0x0012e731.

Error - 3/13/2010 6:37:58 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 490
Description = svchost (1956) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/13/2010 9:15:25 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 490
Description = svchost (1956) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/13/2010 9:17:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 490
Description = svchost (1956) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 3/13/2010 9:17:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 439
Description = Catalog Database (1956) Unable to write a shadowed header for file
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error
-1032.

Error - 3/13/2010 9:17:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = ESENT | ID = 473
Description = Catalog Database (1956) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
was partially detached. Error -1032 encountered updating database headers.

[ System Events ]
Error - 3/13/2010 6:44:56 PM | Computer Name = YOUR-4DACD0EA75 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_HPJMPR50\0000 disappeared from the system without
first being prepared for removal.

Error - 3/13/2010 6:45:27 PM | Computer Name = YOUR-4DACD0EA75 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_HPJMPR50\0000 disappeared from the system without
first being prepared for removal.

Error - 3/13/2010 6:45:28 PM | Computer Name = YOUR-4DACD0EA75 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_HPJMPR50\0000 disappeared from the system without
first being prepared for removal.

Error - 3/13/2010 6:45:39 PM | Computer Name = YOUR-4DACD0EA75 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_HPJMPR50\0000 disappeared from the system without
first being prepared for removal.

Error - 3/13/2010 9:51:02 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 3/13/2010 9:51:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 841e900c.

Error - 3/14/2010 12:13:02 AM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 3/14/2010 12:14:32 AM | Computer Name = YOUR-4DACD0EA75 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 82ebe00c.

Error - 3/14/2010 12:15:41 AM | Computer Name = YOUR-4DACD0EA75 | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3
00000001, parameter4 81fc293c.

Error - 3/14/2010 12:16:28 AM | Computer Name = YOUR-4DACD0EA75 | Source = System Error | ID = 1003
Description = Error code 000000fe, parameter1 00000005, parameter2 85fc10e0, parameter3
10de026e, parameter4 859b1858.


< End of report >


#4 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 14 March 2010 - 12:26 PM

Hi mr.flibble,

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up; please post the contents in your reply.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [geefdbdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
    O4 - HKU\.DEFAULT..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
    O4 - HKU\S-1-5-18..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (Reg Error: Key error.)
    O32 - AutoRun File - [2009/02/16 19:22:11 | 000,000,033 | -HS- | M] () - K:\autorun.inf -- [ NTFS ]
    :Commands
    [Resethosts]
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


Then please post back here with the following logs:
  • mbr.log
  • OTL results
  • New OTL log

Thanks

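For the O4 autostart lines in the OTL fix above, here is an added triage script (it is not part of this thread and not an OTL feature) that parses OTL-style O4 lines and flags the pattern being removed: one DLL registered as a Run value under HKLM plus the .DEFAULT and S-1-5-18 system hives, alongside an orphan Run value. The avgtray.exe line is a constructed benign control, not taken from the logs.

```python
"""Triage OTL 'O4' autostart lines for the persistence pattern seen in this thread:
a single DLL registered as a Run value under several hives, plus orphan values.
Added example; the O4 line format is inferred from the lines posted in the thread."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# "O4 - <hive>..\<key>: [<value name>] <target> (<publisher>) [File not found]"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*(?:\((?P<company>[^)]*)\))?$")

# Hives belonging to system accounts rather than an interactive user.
SYSTEM_HIVES = {r"HKU\.DEFAULT", r"HKU\S-1-5-18"}

# Three lines from the OTL fix in the thread plus one constructed benign control.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKLM..\Run: [geefdbdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)",
    r"O4 - HKU\.DEFAULT..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)",
    r"O4 - HKU\S-1-5-18..\Run: [mlmkkhdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)",
    # constructed control: a normal per-machine tray application
    r"O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)",
]


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    path: Optional[str]
    company: Optional[str]
    missing: bool  # OTL appended "File not found"


@dataclass
class Finding:
    path: str
    hives: List[str]
    reasons: List[str]


def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 line; return None for anything that is not an O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].strip()
    path = company = None
    if rest:
        t = TARGET_RE.match(rest)
        path = t.group("path") or None
        company = t.group("company")
    return AutostartEntry(m.group("hive"), m.group("key"), m.group("name"), path, company, missing)


def triage(lines) -> List[Finding]:
    """Return findings for orphan Run values and for targets shared across hives."""
    entries = [e for e in map(parse_o4, lines) if e]
    findings: List[Finding] = []
    # Orphans: empty value name or a target OTL could not find on disk.
    for e in entries:
        if e.missing or not e.name:
            findings.append(Finding(e.path or "<none>", [e.hive], ["orphan autostart value"]))
    # Group the remaining entries by target path (case-insensitive on Windows).
    by_target = defaultdict(list)
    for e in entries:
        if e.path:
            by_target[e.path.lower()].append(e)
    for path, group in by_target.items():
        reasons = []
        hives = sorted({e.hive for e in group})
        if len(hives) >= 2:
            reasons.append(f"same target registered under {len(hives)} hives")
        if any(e.hive in SYSTEM_HIVES for e in group):
            reasons.append("runs under a system account hive (.DEFAULT / S-1-5-18)")
        if path.endswith(".dll"):
            reasons.append("Run target is a DLL (loaded via rundll32), not an executable")
        if reasons:
            findings.append(Finding(group[0].path, hives, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path, f.hives)
        for r in f.reasons:
            print("   -", r)
```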


#5 mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:02:27 AM

Posted 14 March 2010 - 02:21 PM

OK.

BTW Spybot Search & Destroy is blocking changes to the registry. Here's the message I keep getting after running everything:

Spybot Search & Destroy has detected an important registry entry that has been changed.

Category: System Startup user entry
Change: Value added
Entry: sstqqrdrv
Old data:
New data: rundll32.exe "byvwwt.dll",s

I've not allowed the changes, nor have I denied them. Malwarebytes pegged these entries as one or more of the trojan registry changes.

Anyhow, here are the logs:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

====================================================

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\geefdbdrv not found.
C:\WINDOWS\system32\byvwwt.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\mlmkkhdrv not found.
File C:\WINDOWS\System32\byvwwt.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\mlmkkhdrv not found.
File C:\WINDOWS\System32\byvwwt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2D4D26B-0180-43a4-B05F-462D6D54C789}\ not found.
Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
C:\WINDOWS\Downloaded Program Files\SysInfo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
K:\autorun.inf moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 31612 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Administrator
->Temp folder emptied: 1224497713 bytes
->Temporary Internet Files folder emptied: 28906578 bytes
->Java cache emptied: 39546548 bytes
->FireFox cache emptied: 45889822 bytes
->Flash cache emptied: 30419 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 423 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 688262 bytes
->Java cache emptied: 14 bytes
->FireFox cache emptied: 861212 bytes
->Flash cache emptied: 1523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 31950327 bytes
%systemroot%\System32 .tmp files removed: 24491604 bytes
%systemroot%\System32\dllcache .tmp files removed: 1300480 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5701416 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 455099509 bytes

Total Files Cleaned = 1,773.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.1.37.1 log created on 03142010_110035

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

======================================================

OTL logfile created on: 3/14/2010 12:07:34 PM - Run 2
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 259.00 Mb Available Physical Memory | 27.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.08 Gb Total Space | 22.66 Gb Free Space | 10.11% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.44 Gb Free Space | 5.05% Space Free | Partition Type: FAT32
Drive E: | 89.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 233.76 Gb Total Space | 7.20 Gb Free Space | 3.08% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 632.66 Gb Free Space | 67.92% Space Free | Partition Type: NTFS
Drive L: | 961.72 Mb Total Space | 897.42 Mb Free Space | 93.31% Space Free | Partition Type: FAT
Drive M: | 465.65 Gb Total Space | 339.12 Gb Free Space | 72.83% Space Free | Partition Type: FAT32
Drive N: | 968.38 Mb Total Space | 694.39 Mb Free Space | 71.71% Space Free | Partition Type: FAT

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/13 22:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/03/04 12:11:03 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/04 12:10:58 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/04 12:10:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 12:08:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/04 12:07:00 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 12:06:16 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/04 12:05:51 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/04 12:04:18 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/07 13:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/18 16:29:19 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/03 12:04:16 | 000,507,392 | ---- | M] (Businesss Logic Corporation) -- C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
PRC - [2006/05/06 13:31:20 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/03/20 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/15 19:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/15 19:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/15 19:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/03/13 22:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/13 18:38:46 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 12:10:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 12:08:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 12:07:00 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/03/04 12:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/04 12:10:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 12:09:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/04 12:09:10 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/04 12:09:10 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/04 12:09:09 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/04 12:06:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 12:04:21 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/25 22:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/25 22:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/12/04 06:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/30 19:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/25 06:29:00 | 004,623,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/23 00:07:23 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/09/23 09:13:28 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/05/09 22:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/03 07:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 07:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/16 23:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/16 17:41:30 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/12/16 17:40:04 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.sfgate.com/"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.6.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8bc5b5eb-0ec4-46ed-a024-ace8a3032888}:4.2.3
FF - prefs.js..extensions.enabledItems: {EB8ABF49-0290-410f-BDF2-2F13A38112AB}:0.5.4
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.024
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8088
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8088
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8088
FF - prefs.js..network.proxy.no_proxies_on: "*.r2.attbi.com"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8088
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8088


FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2007/09/22 12:22:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2010/03/13 18:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\Program Files\eMusic Remote\remoteExt [2007/09/22 12:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/04 13:11:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 18:46:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 18:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/26 17:11:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/27 00:40:55 | 000,000,000 | ---D | M]

[2010/02/25 22:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/03/13 21:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions
[2010/02/26 11:05:59 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/27 11:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/07/03 15:43:46 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2010/02/26 11:05:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/09/19 17:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2008/10/16 10:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2008/10/16 10:01:06 | 000,000,000 | ---D | M] (PhishTank SiteChecker) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888}
[2010/03/02 12:12:05 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2008/02/02 10:13:01 | 000,000,000 | ---D | M] (Message Level Authentication) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{A2F388E5-2777-454e-85BB-58E6FB48E690}
[2010/03/13 21:17:28 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/26 11:05:57 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/02/26 11:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/02/26 11:05:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2007/09/19 17:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{EB8ABF49-0290-410f-BDF2-2F13A38112AB}
[2010/02/25 22:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\unplug@compunach
[2007/09/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\videodowloader@videodownloader.net
[2010/03/12 18:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 20:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/08/01 02:30:56 | 000,532,480 | ---- | M] (Lizardtech Software) -- C:\Program Files\Mozilla Firefox\plugins\npexview.dll
[2007/06/01 16:51:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/05/23 17:19:18 | 000,418,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/03/14 11:56:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vtrpomdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\.DEFAULT..\Run: [opqpnndrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-18..\Run: [opqpnndrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [sstqqrdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe (Businesss Logic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://maps.ci.redding.ca.us/redding_pub/h...ps/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1267250607906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 13:45:52 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/14 10:57:42 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/14 10:57:44 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/14 10:57:44 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/14 10:57:46 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/03/14 10:57:46 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/03/14 10:57:46 | 000,000,000 | RHSD | M] - N:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 11:00:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/14 10:57:42 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/13 22:36:50 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/13 19:35:54 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2010/03/13 19:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/03/13 18:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/03/13 18:20:49 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2010/03/13 17:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Adobe Acrobat 9 Std
[2010/03/13 17:33:31 | 332,276,208 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\ACRO9_Win_WEB_WWEFG.exe
[2010/03/13 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Download Manager
[2010/03/13 15:47:06 | 000,139,345 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt12.dll
[2010/03/13 15:46:00 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/03/13 14:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads
[2010/03/11 12:16:33 | 003,130,625 | ---- | C] (Autodesk) -- C:\Documents and Settings\HP_Administrator\Desktop\MgControl6.5SP1.exe
[2010/03/09 18:10:36 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 18:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/06 20:01:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/06 17:44:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/06 14:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/03/06 14:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/03/06 14:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/03/06 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/03/04 18:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2010/03/04 13:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2010/03/04 12:44:34 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/03/04 12:38:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/03/04 12:32:03 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/03/04 12:11:00 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/03 00:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG9
[2010/03/02 22:15:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/02 22:15:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/02 22:15:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/02 22:15:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/02 22:14:41 | 000,099,840 | -H-- | C] (RealWorld Graphics) -- C:\WINDOWS\System32\byvwwt.dll
[2010/03/02 22:13:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/02 22:13:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/02 21:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/02 20:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/03/02 20:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 20:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/02 17:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\XDelBox
[2010/03/02 12:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/02 12:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/02 11:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/03/02 11:48:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 11:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 11:48:00 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 11:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 11:46:40 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HIJACKTHISINSTALLER.EXE
[2010/03/02 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/01 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/03/01 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\eFax Messenger 4.4
[2010/03/01 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/03/01 16:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\j2 Global
[2010/02/27 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/02/27 15:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/02/27 14:52:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/27 14:52:32 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/27 14:05:52 | 006,523,624 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\HP_Administrator\Desktop\boost-speed-setup.exe
[2010/02/27 14:02:22 | 000,000,000 | ---D | C] -- C:\INVENTION_OF_LYING
[2010/02/27 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/27 00:16:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IECompatCache
[2010/02/27 00:16:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\PrivacIE
[2010/02/26 23:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/26 23:53:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IETldCache
[2010/02/26 23:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/26 23:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/26 23:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/26 23:35:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/25 23:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Auslogics
[2010/02/25 23:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/02/25 22:33:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/25 22:33:17 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/25 22:32:28 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/25 22:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/25 22:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/25 22:29:16 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/25 22:29:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/25 22:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/25 22:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/25 22:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/25 22:23:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/25 22:23:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/25 22:23:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/25 22:06:52 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/05/01 17:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/05 20:30:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[2006/09/03 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2006/09/03 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/03/14 12:08:09 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to mbr.lnk
[2010/03/14 12:07:09 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to 03142010_110035.lnk
[2010/03/14 12:05:23 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/14 12:04:24 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/03/14 12:04:16 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/03/14 12:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/14 12:01:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 12:00:16 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/14 12:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/14 11:59:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 11:59:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 11:59:29 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 11:57:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/03/14 11:56:48 | 000,099,840 | -H-- | M] (RealWorld Graphics) -- C:\WINDOWS\System32\byvwwt.dll
[2010/03/14 11:56:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/03/14 10:49:42 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Flash_Disinfector.exe
[2010/03/14 10:42:02 | 057,108,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/14 10:40:01 | 000,443,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 10:40:01 | 000,072,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 10:39:59 | 000,525,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 22:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/13 19:35:40 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/03/13 18:48:48 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 18:13:00 | 000,068,938 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2010/03/13 18:10:06 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/13 17:37:02 | 332,276,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\ACRO9_Win_WEB_WWEFG.exe
[2010/03/13 15:45:36 | 000,000,147 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/03/13 15:45:26 | 000,000,728 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2010/03/13 14:00:58 | 000,571,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/03/12 10:10:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/03/12 09:00:32 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/03/11 12:16:34 | 003,130,625 | ---- | M] (Autodesk) -- C:\Documents and Settings\HP_Administrator\Desktop\MgControl6.5SP1.exe
[2010/03/06 18:06:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/06 14:30:38 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/03/06 13:13:20 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 18:33:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/04 18:28:22 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/04 18:27:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/04 18:27:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/03/04 14:43:24 | 000,003,402 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 12:44:34 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/03/04 12:20:18 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SDFix.exe
[2010/03/04 12:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/04 12:11:00 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/04 12:10:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/04 12:09:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/03/04 12:06:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/04 12:04:21 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/02 22:14:20 | 003,876,891 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/03/02 21:09:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/02 16:56:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/02 14:07:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\qr9so97j.exe
[2010/03/02 12:18:39 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/03/02 11:46:46 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HIJACKTHISINSTALLER.EXE
[2010/03/02 11:20:45 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/01 17:29:16 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 17:21:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/03/01 17:01:38 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 17:01:38 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Compose Fax 4.4.lnk
[2010/03/01 17:01:38 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Messenger 4.4.lnk
[2010/02/27 16:28:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PeerBlock.lnk
[2010/02/27 14:08:26 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics BoostSpeed.lnk
[2010/02/27 14:05:59 | 006,523,624 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\HP_Administrator\Desktop\boost-speed-setup.exe
[2010/02/27 12:30:36 | 001,239,310 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ClearLooks_2_2.zip
[2010/02/27 00:47:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/26 23:51:05 | 002,647,594 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/02/25 23:39:00 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\20050225110725000_SM730B.exe
[2010/02/25 23:08:38 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics Registry Cleaner.lnk
[2010/02/25 22:32:33 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/25 22:32:30 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/25 22:32:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/25 22:31:58 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/25 22:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/25 22:07:46 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Files Created - No Company Name ==========

[2010/03/14 12:08:09 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to mbr.lnk
[2010/03/14 12:07:09 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to 03142010_110035.lnk
[2010/03/14 10:49:40 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Flash_Disinfector.exe
[2010/03/13 18:17:55 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/03/13 15:45:36 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/03/13 15:45:11 | 000,000,728 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/03/13 15:40:16 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/03/13 15:40:16 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/03/07 17:33:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/03/07 17:33:38 | 000,000,538 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/03/04 18:33:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/04 18:28:21 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/04 18:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/04 18:27:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/03/04 13:12:40 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 12:20:16 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SDFix.exe
[2010/03/02 22:15:38 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/02 22:15:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/02 22:15:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/02 22:15:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/02 22:15:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/02 14:06:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\qr9so97j.exe
[2010/03/02 12:45:11 | 003,876,891 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/03/02 12:18:39 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/03/01 17:29:08 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 16:53:53 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 16:53:53 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Compose Fax 4.4.lnk
[2010/03/01 16:53:53 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Messenger 4.4.lnk
[2010/03/01 16:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/02/27 16:28:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PeerBlock.lnk
[2010/02/27 14:08:26 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics BoostSpeed.lnk
[2010/02/27 12:30:29 | 001,239,310 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ClearLooks_2_2.zip
[2010/02/26 23:51:10 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 23:51:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/25 23:51:02 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/25 23:38:35 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\20050225110725000_SM730B.exe
[2010/02/25 23:08:38 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics Registry Cleaner.lnk
[2010/02/25 22:32:30 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2007/04/01 14:06:15 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\mgc32.dll
[2007/03/05 20:30:22 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
[2007/03/05 20:30:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
[2007/03/05 20:30:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2007/03/05 20:30:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2007/01/04 17:09:42 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\FixVTS.ini
[2006/12/30 12:33:51 | 000,087,965 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/12/30 12:33:51 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/12/30 12:32:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/27 06:42:29 | 002,691,534 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Penbank.tif
[2006/09/23 09:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/09/20 22:59:52 | 000,418,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\temp.bmp
[2006/09/20 22:56:21 | 000,339,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\image.raw
[2006/09/11 20:40:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2006/09/11 08:59:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/10 21:31:27 | 000,006,675 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/09/10 21:31:27 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/10 07:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dm.ini
[2006/09/10 07:42:27 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeDLM.log
[2006/09/09 19:33:54 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/09 19:33:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/03 21:44:15 | 000,003,402 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/03 21:44:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\882D662BFB.sys
[2006/08/23 02:33:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/08/23 02:33:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/05/06 14:15:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 13:54:04 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/06 13:48:44 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/06 13:48:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/06 13:46:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/06 13:43:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/06 13:32:38 | 000,000,114 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/06 13:31:59 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/06 13:17:49 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/06 13:16:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/06 13:13:45 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/06 13:13:45 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/06 13:13:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/06 13:13:45 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/06 13:13:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/06 13:13:45 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/06 13:13:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/06 13:12:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/06 12:51:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/06 12:51:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/06 12:51:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/18 06:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/17 10:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/25 04:12:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/25 04:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/01 01:55:35 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 01:45:06 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/01/01 01:03:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/01/01 00:22:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JPR.{PB
[2006/01/01 00:22:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JCM.{PB
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/03/18 12:02:04 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/27 02:35:06 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\theavimenu.dll
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 06:11:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/10/06 12:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 17:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 17:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2002/10/04 17:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 14 March 2010 - 06:49 PM

Please disable Spybot for now, then run that last OTL script again and post the results and a new OTL log, thanks.

To disable Teatimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if you're sure you want to go into advanced mode, select yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.



#7 mr.flibble

mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:27 AM

Posted 14 March 2010 - 10:22 PM

OK.

Here it is:

OTL logfile created on: 3/14/2010 8:12:30 PM - Run 4
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 445.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.08 Gb Total Space | 22.61 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 0.44 Gb Free Space | 5.05% Space Free | Partition Type: FAT32
Drive E: | 89.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/13 22:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/03/04 12:11:03 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/04 12:10:58 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/04 12:10:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/04 12:08:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/04 12:07:00 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/03/04 12:06:16 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/04 12:05:51 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/04 12:04:18 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2008/10/07 13:30:26 | 000,656,896 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GTray.exe
PRC - [2008/10/07 13:25:48 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
PRC - [2008/06/11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/18 16:29:19 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/04/03 12:04:16 | 000,507,392 | ---- | M] (Businesss Logic Corporation) -- C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
PRC - [2006/05/06 13:31:20 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/03/20 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2006/03/15 19:12:40 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/03/15 19:11:54 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
PRC - [2006/03/15 19:11:54 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2006/02/15 15:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/03/13 22:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/03/13 18:38:46 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/04 12:10:14 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/04 12:08:55 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/04 12:07:00 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/03/04 12:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/04 12:10:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 12:09:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/03/04 12:09:10 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/03/04 12:09:10 | 000,026,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/03/04 12:09:09 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/03/04 12:06:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/04 12:04:21 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/25 22:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/02/25 22:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/09/28 03:02:44 | 000,014,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/12/04 06:17:15 | 000,627,072 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/30 19:54:04 | 001,201,632 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/10/25 06:29:00 | 004,623,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/23 00:07:23 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/09/23 09:13:28 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/05/09 22:50:00 | 003,535,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/03/03 07:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 07:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/16 23:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/18 12:02:04 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc.sys -- (Wdm1)
DRV - [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/12/16 17:41:30 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2004/12/16 17:40:04 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfgate.com/
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.sfgate.com/"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.6.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8bc5b5eb-0ec4-46ed-a024-ace8a3032888}:4.2.3
FF - prefs.js..extensions.enabledItems: {EB8ABF49-0290-410f-BDF2-2F13A38112AB}:0.5.4
FF - prefs.js..extensions.enabledItems: {89736E8E-4B14-4042-8C75-AD00B6BD3900}:1.0.5
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.024
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8088
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8088
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8088
FF - prefs.js..network.proxy.no_proxies_on: "*.r2.attbi.com"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8088
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8088


FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2007/09/22 12:22:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2010/03/13 18:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\Program Files\eMusic Remote\remoteExt [2007/09/22 12:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/04 13:11:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 18:46:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 18:17:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/26 17:11:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/02/27 00:40:55 | 000,000,000 | ---D | M]

[2010/02/25 22:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/03/13 21:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions
[2010/02/26 11:05:59 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/02/27 11:18:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/07/03 15:43:46 | 000,000,000 | ---D | M] (Map+) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{5359A5B3-9AFD-49ee-8C39-0A8F97A2A2D6}
[2010/02/26 11:05:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/09/19 17:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{6b6601f1-361e-4b9f-bb6d-f8305000e4f6}
[2008/10/16 10:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
[2008/10/16 10:01:06 | 000,000,000 | ---D | M] (PhishTank SiteChecker) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{8bc5b5eb-0ec4-46ed-a024-ace8a3032888}
[2010/03/02 12:12:05 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2008/02/02 10:13:01 | 000,000,000 | ---D | M] (Message Level Authentication) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{A2F388E5-2777-454e-85BB-58E6FB48E690}
[2010/03/13 21:17:28 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/26 11:05:57 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/02/26 11:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/02/26 11:05:52 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2007/09/19 17:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{EB8ABF49-0290-410f-BDF2-2F13A38112AB}
[2010/02/25 22:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\unplug@compunach
[2007/09/19 17:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\videodowloader@videodownloader.net
[2010/03/12 18:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 20:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/08/01 02:30:56 | 000,532,480 | ---- | M] (Lizardtech Software) -- C:\Program Files\Mozilla Firefox\plugins\npexview.dll
[2007/06/01 16:51:16 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/05/23 17:19:18 | 000,418,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/03/14 11:56:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vtrpomdrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\.DEFAULT..\Run: [opqpnndrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-18..\Run: [opqpnndrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [tutuvudrv] C:\WINDOWS\System32\byvwwt.dll (RealWorld Graphics)
O4 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe (Businesss Logic Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1319907711-1484544966-1471981304-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.lizardtech.com/download/files/w...ntrol_en_US.cab (DjVuCtl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://maps.ci.redding.ca.us/redding_pub/h...ps/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1267250607906 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {93994DE8-8239-4655-B1D1-5F4E91300429} - C:\Program Files\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 13:45:52 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/14 10:57:42 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/14 10:57:44 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/14 11:00:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/14 10:57:42 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/03/13 22:36:50 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/13 19:35:54 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2010/03/13 19:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/03/13 18:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/03/13 18:20:49 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2010/03/13 17:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Adobe Acrobat 9 Std
[2010/03/13 17:33:31 | 332,276,208 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\ACRO9_Win_WEB_WWEFG.exe
[2010/03/13 17:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Download Manager
[2010/03/13 15:47:06 | 000,139,345 | ---- | C] (HP) -- C:\WINDOWS\System32\hpzlnt12.dll
[2010/03/13 15:46:00 | 000,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2010/03/13 14:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Downloads
[2010/03/11 12:16:33 | 003,130,625 | ---- | C] (Autodesk) -- C:\Documents and Settings\HP_Administrator\Desktop\MgControl6.5SP1.exe
[2010/03/09 18:10:36 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 18:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/06 20:01:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/06 17:44:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/06 14:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2010/03/06 14:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/03/06 14:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/03/06 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2010/03/04 18:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2010/03/04 13:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\WinRAR
[2010/03/04 12:44:34 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/03/04 12:38:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/03/04 12:32:03 | 000,000,000 | ---D | C] -- C:\SDFix
[2010/03/04 12:11:00 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/03 00:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\AVG9
[2010/03/02 22:15:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/02 22:15:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/02 22:15:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/02 22:15:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/02 22:14:41 | 000,099,840 | -H-- | C] (RealWorld Graphics) -- C:\WINDOWS\System32\byvwwt.dll
[2010/03/02 22:13:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/02 22:13:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/02 21:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/03/02 20:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/03/02 20:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/02 20:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/02 17:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\XDelBox
[2010/03/02 12:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/02 12:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/02 11:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/03/02 11:48:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/02 11:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 11:48:00 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/02 11:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/02 11:46:40 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HIJACKTHISINSTALLER.EXE
[2010/03/02 10:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/01 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/03/01 16:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\eFax Messenger 4.4
[2010/03/01 16:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/03/01 16:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\j2 Global
[2010/02/27 16:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/02/27 15:57:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/02/27 14:52:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/02/27 14:52:32 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/02/27 14:05:52 | 006,523,624 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\HP_Administrator\Desktop\boost-speed-setup.exe
[2010/02/27 14:02:22 | 000,000,000 | ---D | C] -- C:\INVENTION_OF_LYING
[2010/02/27 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/02/27 00:16:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IECompatCache
[2010/02/27 00:16:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\PrivacIE
[2010/02/26 23:57:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/26 23:53:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator\IETldCache
[2010/02/26 23:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/26 23:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/26 23:39:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/26 23:35:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/25 23:09:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Auslogics
[2010/02/25 23:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/02/25 22:33:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/02/25 22:33:17 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/25 22:32:28 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/02/25 22:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/25 22:31:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/02/25 22:29:16 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/02/25 22:29:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/02/25 22:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/25 22:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/25 22:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/25 22:23:21 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/02/25 22:23:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/02/25 22:23:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/25 22:06:52 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2008/05/01 17:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/05 20:30:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[2006/09/03 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2006/09/03 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/03/14 20:07:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/14 20:06:31 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/14 20:06:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/14 20:06:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/14 20:05:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/14 20:05:57 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/14 20:04:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/03/14 20:04:12 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/03/14 20:03:25 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/03/14 20:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/14 12:08:09 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to mbr.lnk
[2010/03/14 12:07:09 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to 03142010_110035.lnk
[2010/03/14 12:05:23 | 000,000,182 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/14 11:56:48 | 000,099,840 | -H-- | M] (RealWorld Graphics) -- C:\WINDOWS\System32\byvwwt.dll
[2010/03/14 11:56:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/03/14 10:49:42 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Flash_Disinfector.exe
[2010/03/14 10:42:02 | 057,108,066 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/14 10:40:01 | 000,443,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/14 10:40:01 | 000,072,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/14 10:39:59 | 000,525,066 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/13 22:37:02 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/03/13 19:35:40 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/03/13 18:48:48 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/13 18:13:00 | 000,068,938 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2010/03/13 18:10:06 | 000,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/13 17:37:02 | 332,276,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\ACRO9_Win_WEB_WWEFG.exe
[2010/03/13 15:45:36 | 000,000,147 | ---- | M] () -- C:\WINDOWS\System32\AddPort.ini
[2010/03/13 15:45:26 | 000,000,728 | ---- | M] () -- C:\WINDOWS\hpntwksetup.ini
[2010/03/13 14:00:58 | 000,571,446 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/03/12 10:10:24 | 000,000,552 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/03/12 09:00:32 | 000,000,538 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/03/11 12:16:34 | 003,130,625 | ---- | M] (Autodesk) -- C:\Documents and Settings\HP_Administrator\Desktop\MgControl6.5SP1.exe
[2010/03/06 18:06:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/06 14:30:38 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/03/06 13:13:20 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 18:33:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/04 18:28:22 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/04 18:27:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/04 18:27:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/03/04 14:43:24 | 000,003,402 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/03/04 12:44:34 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/03/04 12:20:18 | 001,529,241 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SDFix.exe
[2010/03/04 12:11:31 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/04 12:11:00 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/04 12:10:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/04 12:09:11 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/03/04 12:06:17 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/04 12:04:21 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/03/02 22:14:20 | 003,876,891 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/03/02 21:09:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/02 16:56:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/02 14:07:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\qr9so97j.exe
[2010/03/02 12:18:39 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/03/02 11:46:46 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HIJACKTHISINSTALLER.EXE
[2010/03/02 11:20:45 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/01 17:29:16 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 17:21:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/03/01 17:01:38 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 17:01:38 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Compose Fax 4.4.lnk
[2010/03/01 17:01:38 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Messenger 4.4.lnk
[2010/02/27 16:28:58 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\PeerBlock.lnk
[2010/02/27 14:08:26 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics BoostSpeed.lnk
[2010/02/27 14:05:59 | 006,523,624 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\HP_Administrator\Desktop\boost-speed-setup.exe
[2010/02/27 12:30:36 | 001,239,310 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ClearLooks_2_2.zip
[2010/02/27 00:47:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/26 23:51:05 | 002,647,594 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/02/25 23:39:00 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\20050225110725000_SM730B.exe
[2010/02/25 23:08:38 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics Registry Cleaner.lnk
[2010/02/25 22:32:33 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/25 22:32:30 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/25 22:32:24 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/25 22:31:58 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/02/25 22:31:58 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/02/25 22:07:46 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

========== Files Created - No Company Name ==========

[2010/03/14 12:08:09 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to mbr.lnk
[2010/03/14 12:07:09 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to 03142010_110035.lnk
[2010/03/14 10:49:40 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Flash_Disinfector.exe
[2010/03/13 18:17:55 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Standard.lnk
[2010/03/13 15:45:36 | 000,000,147 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2010/03/13 15:45:11 | 000,000,728 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2010/03/13 15:40:16 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/03/13 15:40:16 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/03/07 17:33:46 | 000,000,552 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
[2010/03/07 17:33:38 | 000,000,538 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
[2010/03/04 18:33:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/03/04 18:28:21 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2010/03/04 18:27:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2010/03/04 18:27:12 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2010/03/04 13:12:40 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/04 12:20:16 | 001,529,241 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SDFix.exe
[2010/03/02 22:15:38 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/02 22:15:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/02 22:15:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/02 22:15:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/02 22:15:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/02 14:06:50 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\qr9so97j.exe
[2010/03/02 12:45:11 | 003,876,891 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/03/02 12:18:39 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/03/01 17:29:08 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 16:53:53 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\eFax 4.4.lnk
[2010/03/01 16:53:53 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Compose Fax 4.4.lnk
[2010/03/01 16:53:53 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\eFax Messenger 4.4.lnk
[2010/03/01 16:53:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eFax_4_4_Port
[2010/02/27 16:28:58 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\PeerBlock.lnk
[2010/02/27 14:08:26 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics BoostSpeed.lnk
[2010/02/27 12:30:29 | 001,239,310 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ClearLooks_2_2.zip
[2010/02/26 23:51:10 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/26 23:51:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/25 23:51:02 | 000,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/25 23:38:35 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\20050225110725000_SM730B.exe
[2010/02/25 23:08:38 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Auslogics Registry Cleaner.lnk
[2010/02/25 22:32:30 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2007/04/01 14:06:15 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\mgc32.dll
[2007/03/05 20:30:22 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.log
[2007/03/05 20:30:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\ezpinst.exe
[2007/03/05 20:30:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2007/03/05 20:30:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2007/01/04 17:09:42 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\FixVTS.ini
[2006/12/30 12:33:51 | 000,087,965 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2006/12/30 12:33:51 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/12/30 12:32:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/27 06:42:29 | 002,691,534 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Penbank.tif
[2006/09/23 09:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/09/20 22:59:52 | 000,418,262 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\temp.bmp
[2006/09/20 22:56:21 | 000,339,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\image.raw
[2006/09/11 20:40:59 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2006/09/11 08:59:04 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/09/10 21:31:27 | 000,006,675 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/09/10 21:31:27 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/10 07:42:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\dm.ini
[2006/09/10 07:42:27 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\AdobeDLM.log
[2006/09/09 19:33:54 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/09 19:33:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/03 21:44:15 | 000,003,402 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/03 21:44:15 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\882D662BFB.sys
[2006/08/23 02:33:46 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/08/23 02:33:46 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/05/06 14:15:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 13:54:04 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/05/06 13:48:44 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/05/06 13:48:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/05/06 13:46:08 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/06 13:43:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/06 13:32:38 | 000,000,114 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/05/06 13:31:59 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/06 13:17:49 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/05/06 13:16:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/06 13:13:45 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/06 13:13:45 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/06 13:13:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/06 13:13:45 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/06 13:13:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/06 13:13:45 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/06 13:13:44 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/06 13:12:30 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/05/06 12:51:28 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/05/06 12:51:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/05/06 12:51:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/18 06:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/03/17 10:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/25 04:12:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/25 04:09:38 | 000,774,144 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/01 01:55:35 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/01 01:45:06 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2006/01/01 01:03:53 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/01/01 00:22:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JPR.{PB
[2006/01/01 00:22:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\PFP120JCM.{PB
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/03/18 12:02:04 | 000,015,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbbc.sys
[2004/08/27 02:35:06 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\theavimenu.dll
[2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/15 06:11:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/10/06 12:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 17:04:26 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 17:04:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\VORBIS.DLL
[2002/10/04 17:04:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\OGG.DLL
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 15 March 2010 - 01:00 PM

Hi,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#9 mr.flibble

mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:27 AM

Posted 15 March 2010 - 05:04 PM

OK.

Here you go.

ComboFix 10-03-15.02 - HP_Administrator 03/15/2010 14:37:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.468 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-02-15 to 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-14 18:00 . 2010-03-14 18:00 -------- d-----w- C:\_OTL
2010-03-14 04:17 . 2007-12-30 13:01 172032 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2010-03-14 04:17 . 2007-12-30 13:01 307200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2010-03-14 04:17 . 2007-12-30 13:01 90112 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2010-03-14 02:35 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-03-14 02:23 . 2010-03-14 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-14 01:38 . 2010-03-14 01:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-14 01:20 . 2008-04-07 13:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-03-14 00:32 . 2010-03-14 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Download Manager
2010-03-13 22:47 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-03-13 22:46 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-03-13 22:46 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-03-13 22:40 . 2010-03-14 01:13 68938 ----a-w- c:\windows\hpoins05.dat
2010-03-13 22:40 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-03-10 01:10 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 01:31 . 2010-03-09 01:31 4250392 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-09 01:30 . 2010-03-09 01:30 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-04 19:44 . 2010-03-04 19:44 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-04 19:38 . 2010-03-04 19:38 -------- d-----w- c:\windows\ERUNT
2010-03-04 19:38 . 2010-03-04 19:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-04 19:32 . 2010-03-05 00:44 -------- d-----w- C:\SDFix
2010-03-04 19:14 . 2010-03-04 19:14 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-03-04 19:14 . 2010-03-04 19:14 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-04 19:14 . 2010-03-04 19:14 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-04 19:14 . 2010-03-04 19:14 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-03-04 19:14 . 2010-03-04 19:14 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-04 19:14 . 2010-03-04 19:14 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-03-04 19:14 . 2010-03-04 19:14 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-03-04 19:14 . 2010-03-04 19:14 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-04 19:14 . 2010-03-04 19:14 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-03-04 19:11 . 2010-03-04 19:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 19:01 . 2010-02-26 05:32 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-04 19:01 . 2010-02-26 05:32 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-04 19:01 . 2010-02-26 05:32 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-04 19:01 . 2010-02-26 05:32 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-03 07:19 . 2010-03-03 07:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG9
2010-03-03 05:14 . 2010-03-14 18:56 99840 ---ha-w- c:\windows\system32\byvwwt.dll
2010-03-03 03:48 . 2010-03-03 03:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-03-03 03:43 . 2010-03-03 03:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-02 19:18 . 2010-03-02 19:18 -------- d-----w- c:\program files\Trend Micro
2010-03-02 18:48 . 2010-03-02 18:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-03-02 18:48 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 18:48 . 2010-03-02 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 18:48 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 18:47 . 2010-03-14 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 05:59 . 2010-03-02 05:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-02 00:01 . 2010-03-02 00:01 4710 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{DF6DA606-904D-4C18-823F-A4CFC3035E53}\ext.exe
2010-03-01 23:53 . 2010-03-01 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Output
2010-03-01 23:52 . 2010-03-02 00:28 -------- d-----w- c:\program files\eFax Messenger 4.4
2010-03-01 23:52 . 2010-03-01 23:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\j2 Global
2010-02-27 23:28 . 2010-02-28 06:57 -------- d-----w- c:\program files\PeerBlock
2010-02-27 22:57 . 2010-02-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2010-02-27 21:52 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-27 21:02 . 2010-02-27 21:40 -------- d-----w- C:\INVENTION_OF_LYING
2010-02-27 07:35 . 2010-02-27 07:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-27 07:16 . 2010-02-27 07:16 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2010-02-27 07:16 . 2010-02-27 07:16 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2010-02-27 06:56 . 2010-02-27 06:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-02-27 06:54 . 2010-02-27 06:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-27 06:53 . 2010-02-27 06:53 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2010-02-27 06:53 . 2010-02-27 06:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-27 06:51 . 2010-02-27 06:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-27 06:39 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-27 06:39 . 2010-02-27 07:47 -------- d-----w- c:\windows\ie8updates
2010-02-27 06:38 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-27 06:38 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-27 06:35 . 2010-02-27 06:37 -------- dc-h--w- c:\windows\ie8
2010-02-26 20:12 . 2009-05-30 02:34 139264 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Thunderbird\Profiles\la4i0r1m.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2010-02-26 06:09 . 2010-02-26 06:12 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Auslogics
2010-02-26 06:08 . 2010-02-27 21:07 -------- d-----w- c:\program files\Auslogics
2010-02-26 06:06 . 2010-02-26 05:32 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-26 06:06 . 2010-02-26 05:32 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-26 05:33 . 2010-02-26 05:37 -------- d-----w- C:\$AVG
2010-02-26 05:33 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-26 05:32 . 2010-03-04 19:09 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-26 05:31 . 2010-02-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-26 05:31 . 2010-02-26 05:37 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-26 05:29 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-26 05:29 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-26 05:28 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-02-26 05:28 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-02-26 05:28 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-26 05:28 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-02-26 05:28 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-02-26 05:28 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-26 05:28 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-02-26 05:28 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-02-26 05:28 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-26 05:26 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-26 05:22 . 2010-02-26 05:22 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-26 05:21 . 2010-02-26 05:22 79488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-26 05:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-26 05:18 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-02-26 05:06 . 2010-03-04 19:04 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 21:34 . 2007-08-23 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-14 19:30 . 2006-01-01 08:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-14 01:39 . 2006-05-06 20:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-14 01:26 . 2006-05-06 20:30 74688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 22:50 . 2006-05-06 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-03-13 22:48 . 2006-05-06 20:38 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-09 04:36 . 2006-09-04 04:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2010-03-06 21:35 . 2006-09-10 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-06 21:34 . 2006-09-10 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-04 21:43 . 2006-09-04 04:44 3402 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-04 19:11 . 2008-05-02 00:13 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 19:10 . 2006-12-08 14:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 19:06 . 2008-05-02 00:13 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 18:53 . 2006-09-04 04:58 -------- d-----w- c:\program files\uTorrent
2010-03-03 04:09 . 2008-05-11 18:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-02 18:20 . 2008-05-09 22:01 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-01 16:35 . 2007-06-26 23:44 -------- d-----w- c:\program files\MSECache
2010-03-01 15:21 . 2006-01-01 09:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2010-02-27 23:27 . 2007-05-12 16:14 -------- d-----w- c:\program files\PeerGuardian2
2010-02-27 21:40 . 2007-01-05 00:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RipIt4Me
2010-02-27 21:18 . 2006-09-09 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-27 06:50 . 2006-05-06 20:58 -------- d-----w- c:\program files\Google
2010-02-26 20:42 . 2006-01-01 08:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Thunderbird
2010-02-26 05:33 . 2008-05-02 00:12 -------- d-----w- c:\program files\AVG
2010-02-26 05:31 . 2008-05-02 00:12 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-26 05:31 . 2008-05-02 00:12 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-26 05:23 . 2006-05-06 19:59 -------- d-----w- c:\program files\Java
2009-12-31 16:50 . 2008-05-09 22:01 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-09 21:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-09 21:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2006-09-04 04:48 . 2006-09-04 04:44 88 --sh--r- c:\windows\system32\882D662BFB.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMem"="c:\program files\WinCleaner Memory Optimizer\WinMemOpt.exe" [2007-04-03 507392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"tutuvudrv"="byvwwt.dll" [2010-03-14 99840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-10 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-10 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 180269]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"vtrpomdrv"="byvwwt.dll" [2010-03-14 99840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"opqpnndrv"="byvwwt.dll" [2010-03-14 99840]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 19:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/25/2010 10:32 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/25/2010 10:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2008 5:13 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2008 5:13 PM 242696]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 12:10 PM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [3/4/2010 12:06 PM 2325816]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/1/2008 5:12 PM 30104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 11:51 PM 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/1/2008 5:12 PM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/4/2010 12:08 PM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/25/2010 10:32 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/25/2010 10:32 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/25/2010 10:31 PM 26120]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/27/2010 4:28 PM 14424]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/18/2005 12:02 PM 15576]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/1/2006 12:08 AM 627072]
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 00:13]

2010-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-28 06:50]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 06:50]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 06:50]

2010-03-12 c:\windows\Tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam-renamed.exe [2010-03-02 00:07]

2010-03-12 c:\windows\Tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam-renamed.exe [2010-03-02 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sfgate.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=US&language=en&PURCH_DT_MONTH=01&PURCH_DT_DAY=01&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=CNH61912DK&application=305&modelID=EX272AA&LF=blue
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: trymedia.com
TCP: {1AD773FB-91FD-4671-A270-72CA1FA19973} = 68.87.76.178,68.87.78.130
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.sfgate.com/
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 14:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1912)
c:\windows\system32\byvwwt.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\byvwwt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-15 14:55:21
ComboFix-quarantined-files.txt 2010-03-15 21:55
ComboFix2.txt 2010-03-03 05:56

Pre-Run: 24,243,687,424 bytes free
Post-Run: 24,195,891,200 bytes free

- - End Of File - - 27B7F6968377BBF7E9517D9A0803114F


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 15 March 2010 - 07:42 PM

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/301121/trojanagent-and-trojanvundo/

Collect::
c:\windows\system32\byvwwt.dll
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"opqpnndrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vtrpomdrv"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"tutuvudrv"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


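Added example (not from the thread, and not part of ComboFix): a small Python triage script that reads the two log sections the fix above is built from, the Run keys under "Reg Loading Points" and the "DLLs Loaded Under Running Processes" list, and flags a Run value whose data is a bare .dll name (no path, no host executable) when the same DLL is also set in more than one hive or is mapped into winlogon.exe. It then emits the `Collect::` / `Registry::` sections of a CFScript in the same layout as the post above. The embedded log excerpt is constructed from the entries posted in this thread; the `KEY_RE`/`VALUE_RE`/`PROC_RE` patterns assume the ComboFix line formats visible in those logs.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix log posted in this thread (trimmed to the
# relevant Run keys and the "DLLs Loaded Under Running Processes" section).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"tutuvudrv"="byvwwt.dll" [2010-03-14 99840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"vtrpomdrv"="byvwwt.dll" [2010-03-14 99840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"opqpnndrv"="byvwwt.dll" [2010-03-14 99840]

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1912)
c:\windows\system32\byvwwt.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WININET.dll
c:\windows\system32\byvwwt.dll
"""

# Line formats assumed from the ComboFix output above (assumption, not a ComboFix spec).
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_run_entries(log):
    """Return [(registry key, value name, value data)] for every value listed
    under a ...\\CurrentVersion\\Run key in the 'Reg Loading Points' section."""
    entries, current = [], None
    for line in log.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            current = key if key.lower().endswith("\\run") else None
            continue
        m = VALUE_RE.match(line)
        if m and current:
            entries.append((current, m.group(1), m.group(2)))
    return entries


def parse_loaded_dlls(log):
    """Return {process name: [dll paths]} from the
    'DLLs Loaded Under Running Processes' section."""
    loaded, proc = defaultdict(list), None
    for line in log.splitlines():
        m = PROC_RE.match(line)
        if m:
            proc = m.group(1)
        elif proc and PATH_RE.match(line):
            loaded[proc].append(line.strip())
    return dict(loaded)


def triage(log):
    """Flag Run values whose data is a bare .dll name and corroborate them with
    the loaded-module list.  A hit is kept only when the same DLL is set in more
    than one hive or is mapped into winlogon.exe (both visible in the log above).
    Returns {dll basename: {"values", "hives", "hosts", "paths"}}."""
    by_dll = defaultdict(lambda: {"values": [], "hives": set(), "hosts": set(), "paths": set()})
    for key, name, data in parse_run_entries(log):
        base = data.lower()
        if "\\" not in base and base.endswith(".dll"):
            by_dll[base]["values"].append((key, name))
            by_dll[base]["hives"].add(key.split("\\")[0])
    for proc, paths in parse_loaded_dlls(log).items():
        for path in paths:
            base = path.rsplit("\\", 1)[-1].lower()
            if base in by_dll:
                by_dll[base]["hosts"].add(proc.lower())
                by_dll[base]["paths"].add(path.lower())
    return {d: info for d, info in by_dll.items()
            if len(info["hives"]) > 1 or "winlogon.exe" in info["hosts"]}


def generate_cfscript(log):
    """Emit the Collect:: and Registry:: sections of a CFScript for the flagged
    entries, in the layout used in the post above ("name"=- deletes a value)."""
    hits = triage(log)
    lines = ["Collect::"]
    for info in hits.values():
        lines.extend(sorted(info["paths"]))
    lines.append("Registry::")
    for info in hits.values():
        for key, name in info["values"]:
            lines.append(f"[{key}]")
            lines.append(f'"{name}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for dll, info in triage(SAMPLE_LOG).items():
        print(f"{dll}: hives={sorted(info['hives'])} hosts={sorted(info['hosts'])}")
    print(generate_cfscript(SAMPLE_LOG))
```

On the sample excerpt the only hit is byvwwt.dll, set from three hives and mapped into winlogon.exe and explorer.exe, and the generated script lists the three value deletions syler's CFScript contains. The corroboration step matters: a bare filename in a Run value is unusual but not proof on its own, while the same unsigned DLL being injected into winlogon.exe is the signal that a quarantine by the on-demand scanner will not stick until the loader is removed.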

#11 mr.flibble

mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 15 March 2010 - 08:48 PM

OK. Thanks for all your help on this. Feel like such a newbie re malware and rootkits.

ComboFix 10-03-15.02 - HP_Administrator 03/15/2010 18:24:09.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.436 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-14 18:00 . 2010-03-14 18:00 -------- d-----w- C:\_OTL
2010-03-14 02:35 . 2008-04-07 13:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-03-14 02:23 . 2010-03-14 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-14 01:38 . 2010-03-14 01:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-14 01:20 . 2008-04-07 13:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-03-14 00:32 . 2010-03-14 00:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Download Manager
2010-03-13 22:47 . 2004-10-01 14:01 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-03-13 22:46 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-03-13 22:46 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-03-13 22:40 . 2010-03-14 01:13 68938 ----a-w- c:\windows\hpoins05.dat
2010-03-13 22:40 . 2004-12-15 06:39 19696 ------w- c:\windows\hpomdl05.dat
2010-03-10 01:10 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-03-06 21:26 . 2010-03-06 21:26 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-04 19:44 . 2010-03-04 19:44 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-04 19:38 . 2010-03-04 19:38 -------- d-----w- c:\windows\ERUNT
2010-03-04 19:38 . 2010-03-04 19:38 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-04 19:32 . 2010-03-05 00:44 -------- d-----w- C:\SDFix
2010-03-04 19:11 . 2010-03-04 19:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-03 07:19 . 2010-03-03 07:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG9
2010-03-03 05:14 . 2010-03-14 18:56 99840 ---ha-w- c:\windows\system32\byvwwt.dll
2010-03-03 03:48 . 2010-03-03 03:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-03-03 03:43 . 2010-03-03 03:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-02 19:18 . 2010-03-02 19:18 -------- d-----w- c:\program files\Trend Micro
2010-03-02 18:48 . 2010-03-02 18:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2010-03-02 18:48 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-02 18:48 . 2010-03-02 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-02 18:48 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 18:47 . 2010-03-14 10:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-02 05:59 . 2010-03-02 05:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-01 23:53 . 2010-03-01 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Output
2010-03-01 23:52 . 2010-03-02 00:28 -------- d-----w- c:\program files\eFax Messenger 4.4
2010-03-01 23:52 . 2010-03-01 23:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\j2 Global
2010-02-27 23:28 . 2010-02-28 06:57 -------- d-----w- c:\program files\PeerBlock
2010-02-27 22:57 . 2010-02-27 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2010-02-27 21:52 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-02-27 21:02 . 2010-02-27 21:40 -------- d-----w- C:\INVENTION_OF_LYING
2010-02-27 07:35 . 2010-02-27 07:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-27 07:16 . 2010-02-27 07:16 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2010-02-27 07:16 . 2010-02-27 07:16 -------- d-sh--w- c:\documents and settings\HP_Administrator\PrivacIE
2010-02-27 06:56 . 2010-02-27 06:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-02-27 06:54 . 2010-02-27 06:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-27 06:53 . 2010-02-27 06:53 -------- d-sh--w- c:\documents and settings\HP_Administrator\IETldCache
2010-02-27 06:53 . 2010-02-27 06:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-27 06:51 . 2010-02-27 06:51 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-27 06:39 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-27 06:39 . 2010-02-27 07:47 -------- d-----w- c:\windows\ie8updates
2010-02-27 06:38 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-27 06:38 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-27 06:35 . 2010-02-27 06:37 -------- dc-h--w- c:\windows\ie8
2010-02-26 06:09 . 2010-02-26 06:12 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Auslogics
2010-02-26 06:08 . 2010-02-27 21:07 -------- d-----w- c:\program files\Auslogics
2010-02-26 05:33 . 2010-02-26 05:37 -------- d-----w- C:\$AVG
2010-02-26 05:33 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-26 05:32 . 2010-03-04 19:09 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-26 05:31 . 2010-02-26 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-26 05:31 . 2010-02-26 05:37 -------- d-----w- c:\windows\SxsCaPendDel
2010-02-26 05:29 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-02-26 05:29 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-02-26 05:28 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-02-26 05:28 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-02-26 05:28 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-26 05:28 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-02-26 05:28 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-02-26 05:28 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-26 05:28 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-02-26 05:28 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-02-26 05:28 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-02-26 05:26 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-02-26 05:18 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-02-26 05:18 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-02-26 05:06 . 2010-03-04 19:04 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 21:34 . 2007-08-23 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-14 19:30 . 2006-01-01 08:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-14 01:39 . 2006-05-06 20:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-14 01:26 . 2006-05-06 20:30 74688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-13 22:50 . 2006-05-06 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-03-13 22:48 . 2006-05-06 20:38 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-09 04:36 . 2006-09-04 04:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2010-03-09 01:31 . 2010-03-09 01:31 4250392 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-03-09 01:30 . 2010-03-09 01:30 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-03-06 21:35 . 2006-09-10 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-06 21:34 . 2006-09-10 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-04 21:43 . 2006-09-04 04:44 3402 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-03-04 19:14 . 2010-03-04 19:14 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-03-04 19:14 . 2010-03-04 19:14 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-04 19:14 . 2010-03-04 19:14 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-04 19:14 . 2010-03-04 19:14 25608 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-03-04 19:14 . 2010-03-04 19:14 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-04 19:14 . 2010-03-04 19:14 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-03-04 19:14 . 2010-03-04 19:14 25736 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-03-04 19:14 . 2010-03-04 19:14 161800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-04 19:14 . 2010-03-04 19:14 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-03-04 19:11 . 2008-05-02 00:13 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 19:10 . 2006-12-08 14:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 19:06 . 2008-05-02 00:13 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 18:53 . 2006-09-04 04:58 -------- d-----w- c:\program files\uTorrent
2010-03-03 04:09 . 2008-05-11 18:14 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-02 18:20 . 2008-05-09 22:01 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-03-02 00:01 . 2010-03-02 00:01 4710 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{DF6DA606-904D-4C18-823F-A4CFC3035E53}\ext.exe
2010-03-01 16:35 . 2007-06-26 23:44 -------- d-----w- c:\program files\MSECache
2010-03-01 15:21 . 2006-01-01 09:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2010-02-27 23:27 . 2007-05-12 16:14 -------- d-----w- c:\program files\PeerGuardian2
2010-02-27 21:40 . 2007-01-05 00:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RipIt4Me
2010-02-27 21:18 . 2006-09-09 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-02-27 06:50 . 2006-05-06 20:58 -------- d-----w- c:\program files\Google
2010-02-26 20:42 . 2006-01-01 08:15 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Thunderbird
2010-02-26 05:33 . 2008-05-02 00:12 -------- d-----w- c:\program files\AVG
2010-02-26 05:32 . 2010-02-26 06:06 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-26 05:32 . 2010-02-26 06:06 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-26 05:32 . 2010-03-04 19:01 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-02-26 05:32 . 2010-03-04 19:01 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-02-26 05:32 . 2010-03-04 19:01 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-02-26 05:32 . 2010-03-04 19:01 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-02-26 05:31 . 2008-05-02 00:12 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-26 05:31 . 2008-05-02 00:12 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-26 05:23 . 2006-05-06 19:59 -------- d-----w- c:\program files\Java
2010-02-26 05:22 . 2010-02-26 05:22 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-26 05:22 . 2010-02-26 05:21 79488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 16:50 . 2008-05-09 22:01 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-09 21:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-09 21:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2006-09-04 04:48 . 2006-09-04 04:44 88 --sh--r- c:\windows\system32\882D662BFB.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinMem"="c:\program files\WinCleaner Memory Optimizer\WinMemOpt.exe" [2007-04-03 507392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"tutuvudrv"="byvwwt.dll" [2010-03-14 99840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-10 7311360]
"nwiz"="nwiz.exe" [2006-01-24 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-03 61440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-10 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-05-06 180269]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"vtrpomdrv"="byvwwt.dll" [2010-03-14 99840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"opqpnndrv"="byvwwt.dll" [2010-03-14 99840]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 19:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2/25/2010 10:32 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/25/2010 10:06 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/1/2008 5:13 PM 216200]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/1/2008 5:13 PM 242696]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 12:10 PM 308064]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [3/4/2010 12:06 PM 2325816]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/1/2008 5:12 PM 30104]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 11:51 PM 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/1/2008 5:12 PM 30104]
S3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/4/2010 12:08 PM 5888008]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [2/25/2010 10:32 PM 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [2/25/2010 10:32 PM 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [2/25/2010 10:31 PM 26120]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2/27/2010 4:28 PM 14424]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/18/2005 12:02 PM 15576]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [1/1/2006 12:08 AM 627072]
.
Contents of the 'Scheduled Tasks' folder

2010-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-11 00:13]

2010-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-28 06:50]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 06:50]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 06:50]

2010-03-12 c:\windows\Tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam-renamed.exe [2010-03-02 00:07]

2010-03-12 c:\windows\Tasks\Malwarebytes' Scheduled Update for HP_Administrator.job
- c:\program files\Malwarebytes' Anti-Malware\mbam-renamed.exe [2010-03-02 00:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sfgate.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://register.hp.com/servlet/WebReg.servlets.ProdReg1Servlet?appID=java_wreg_wreg_genpg&prodOS=029&gwCountry=US&language=en&PURCH_DT_MONTH=01&PURCH_DT_DAY=01&PURCH_DT_YEAR=2006&PROD_SERIAL_ID=CNH61912DK&application=305&modelID=EX272AA&LF=blue
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Trusted Zone: trymedia.com
TCP: {1AD773FB-91FD-4671-A270-72CA1FA19973} = 68.87.76.178,68.87.78.130
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.sfgate.com/
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fx4zvjn2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 18:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1912)
c:\windows\system32\byvwwt.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\byvwwt.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-15 18:41:39
ComboFix-quarantined-files.txt 2010-03-16 01:41
ComboFix2.txt 2010-03-15 21:55
ComboFix3.txt 2010-03-03 05:56

Pre-Run: 24,219,254,784 bytes free
Post-Run: 24,194,093,056 bytes free

- - End Of File - - 5D39DD2DC5F054A9CBB731BF723E02D4


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 15 March 2010 - 09:28 PM

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

CODE
Files to delete:
c:\windows\system32\byvwwt.dll
Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | vtrpomdrv


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" when prompted to reboot.
  • Avenger will restart your computer. After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following logs:
  • avenger.txt
  • Gmer log
  • New DDS log

Thanks



#13 mr.flibble

mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:27 AM

Posted 16 March 2010 - 11:16 AM

Hi Sylar,

I was able to run avenger but the computer rebooted at some point while running GMER. Should I rerun it? FYI an error message had popped up after the reboot saying that rundll32 could not locate byvwwt.dll.

-ed
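A rundll32 "could not locate" message at logon is the usual trace of an autostart entry that still points at a DLL which has since been deleted. As an added example, not part of this thread or of the tools it uses, the PowerShell script below audits the HKLM and HKCU Run keys for such orphaned entries and for rundll32 loaders of unsigned DLLs, then checks whether byvwwt.dll (the file named in this thread) is still mapped into explorer.exe; the output labels and the Resolve-RunTarget helper are my own.

```powershell
# Added example, not part of the thread: a read-only triage of the Run keys
# that Vundo-style loaders use for persistence. It resolves each entry to the
# file it launches (unwrapping rundll32) and flags entries whose file no longer
# exists: an orphaned rundll32 entry is what produces a "could not locate
# <dll>" message at logon after the DLL itself has been deleted.
# 'byvwwt.dll' is the file named in this thread; the rest is generic.

$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Resolve-RunTarget([string]$Command) {
    # rundll32 entries: the first argument after rundll32[.exe] is the DLL,
    # optionally quoted and followed by ",EntryPoint". Otherwise the first
    # token (quoted or not) is the executable.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"?[^"]*rundll32(?:\.exe)?"?\s+"?([^",]+)') { return $Matches[1].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($v in $values.PSObject.Properties) {
        # PSPath, PSParentPath, ... are provider metadata, not Run entries
        if ($v.Name -like 'PS*') { continue }
        $target = Resolve-RunTarget ([string]$v.Value)
        if (-not $target) { continue }
        $flag = ''
        if (-not (Test-Path -LiteralPath $target)) {
            $flag = 'ORPHANED: file missing, autorun entry survived the clean-up'
        } elseif ($v.Value -match 'rundll32') {
            $sig = (Get-AuthenticodeSignature -FilePath $target).Status
            if ($sig -ne 'Valid') { $flag = "rundll32 loads a DLL with signature status '$sig', review" }
        }
        '{0,-4} {1,-24} {2}  {3}' -f $key.Substring(0, 4), $v.Name, $target, $flag
    }
}

# Second view: is the suspect DLL still mapped into explorer.exe? ComboFix's
# "DLLs Loaded Under Running Processes" section listed byvwwt.dll in both
# winlogon.exe and explorer.exe; winlogon needs SYSTEM rights to inspect, so
# only the shell is checked here.
$suspect = 'byvwwt.dll'
foreach ($proc in (Get-Process explorer -ErrorAction SilentlyContinue)) {
    $hit = $proc.Modules | Where-Object { $_.ModuleName -ieq $suspect }
    if ($hit) { "explorer.exe PID $($proc.Id) still has $($hit.FileName) loaded" }
    else      { "explorer.exe PID $($proc.Id): $suspect not loaded" }
}
```

Run it from an elevated PowerShell prompt so the HKLM key and explorer's module list are readable; an ORPHANED line names the autostart that still needs to be removed.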

#14 mr.flibble

mr.flibble
  • Topic Starter

  • Members
  • 15 posts
  • Local time:02:27 AM

Posted 16 March 2010 - 11:20 AM

FYI I had disconnected from the internet and turned off AVG's resident shield along with all other AVG scanners. I also wasn't running any other programs. Do I need to turn off or disable any programs running in the background?

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:10:27 AM

Posted 17 March 2010 - 09:27 AM

Go ahead and try to run Gmer again. If it still won't complete, run it in safe mode, then post back with the three logs.
