Another Case of Google Redirect

This topic is locked
46 replies to this topic

#1 HelloJoe (Members, 23 posts)

Posted 05 April 2010 - 01:58 AM

It seems like there has been a lot of these lately. I'm not really sure what i'm supposed to post so here's a Hijackthis log. Thanks for your time, hope to hear a reply soon.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:24 PM, on 4/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AIM\aim.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9309 bytes
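A HijackThis log like the one above is read by eye, section by section. As an added example for this thread (not code from HijackThis, OTL or BleepingComputer, and not part of the original post), here is a small Python triage script that parses lines in that R/O format and flags the entries a search-redirect case usually turns on: hosts-file overrides of search engines (O1), an explicit proxy (R1), DNS-server overrides (O17), browser helper objects with no name or no file (O2), and autostart entries that are orphaned or run from a temp directory (O4). The sample log inside it is constructed for the example; its IP addresses are RFC 5737 documentation ranges and its interface GUID is a placeholder. The lists LOCAL_NETS, WATCHED_HOSTS and SCRATCH_DIRS are the example's own assumptions.

```python
"""Triage a HijackThis-style log for the entries a search-redirect case usually turns on.

Added example; not code from HijackThis, OTL or BleepingComputer. SAMPLE_LOG is
constructed: its IP addresses are RFC 5737 documentation ranges and {GUID} is a
placeholder for the real interface GUID HijackThis would print.
"""
import re
from ipaddress import ip_address, ip_network

# Networks treated as "local": a hosts or DNS entry pointing here is a block or a
# LAN resolver, not a redirect to an outside host (RFC 1918, loopback, link-local).
LOCAL_NETS = [ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10",
)]

# Search/portal names whose hosts-file override is a classic redirect trick (assumed list).
WATCHED_HOSTS = {"google.com", "www.google.com", "bing.com", "www.bing.com", "yahoo.com"}

# Lower-case path fragments that mark an autostart entry as worth a closer look (assumed list).
SCRATCH_DIRS = ("\\local settings\\temp\\", "\\appdata\\local\\temp\\",
                "\\windows\\temp\\", "\\recycler\\")

# "O4 - HKLM\..\Run: [x] c:\y.exe" -> code "O4", body "HKLM\..\Run: [x] c:\y.exe"
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 198.51.100.7 www.google.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [update] C:\Documents and Settings\user\Local Settings\Temp\svc.exe
O4 - HKLM\..\Run: [PCDrProfiler] (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = 203.0.113.53,203.0.113.54
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_line(line):
    """Split one log line into (section code, body); None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def classify_address(text):
    """Return 'local', 'public' or 'invalid' for an IP literal, using LOCAL_NETS above."""
    try:
        ip = ip_address(text)
    except ValueError:
        return "invalid"
    return "local" if any(ip in net for net in LOCAL_NETS) else "public"


def triage(log_text):
    """Return a list of (code, reason, line) for entries that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        low = body.lower()
        reason = None
        if code == "O1" and low.startswith("hosts:"):
            fields = body.split(":", 1)[1].split()          # [address, name, name, ...]
            if len(fields) >= 2 and classify_address(fields[0]) != "local":
                hit = [n for n in fields[1:] if n.lower() in WATCHED_HOSTS]
                if hit:
                    reason = "hosts file sends %s to %s" % (", ".join(hit), fields[0])
        elif code == "R1" and "proxyserver" in low:
            reason = "explicit proxy configured: " + body.split("=", 1)[-1].strip()
        elif code == "O2" and ("(no name)" in low or "(no file)" in low):
            reason = "BHO with no name or no backing file"
        elif code == "O4":
            if "(file missing)" in low:
                reason = "autostart entry points at a missing file (orphaned or already removed)"
            elif any(d in low for d in SCRATCH_DIRS):
                reason = "autostart entry runs from a temp/scratch directory"
        elif code == "O17" and "nameserver" in low:
            servers = [s.strip() for s in body.split("=", 1)[-1].split(",") if s.strip()]
            public = [s for s in servers if classify_address(s) == "public"]
            if public:
                reason = "DNS overridden with non-local servers %s; confirm they belong to the ISP" % ", ".join(public)
        if reason:
            findings.append((code, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (code, reason, line))
```

Run it as-is to see the findings for the constructed sample; to check a real log, pass its text to triage(). A flag means "look closer", not "malicious": the ProxyOverride = *.local and 127.0.0.1 localhost lines in the log posted above are normal and produce no finding, and a public DNS server is only worth a question when the machine is supposed to get its resolvers from the router.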



#2 Elise (Bleepin' Blonde; Malware Study Hall Admin, 61,257 posts; Romania)

Posted 08 April 2010 - 01:41 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 HelloJoe (Topic Starter; Members, 23 posts)

Posted 08 April 2010 - 02:37 PM

My computer has become extremely slow since a couple of days ago. Also, I can barely open Task Manager anymore. Sometimes, if I attempt to open any program, the computer pretty much freezes. When I was able to open Task Manager on one occasion, I noticed that one sv_chost file was taking up a lot of memory (around 350k). All these symptoms started appearing around the same time I was being redirected to sites through search engines, and sometimes a random web page would even open up (most likely malicious).

OTL logfile created on: 4/8/2010 12:00:16 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.38 Gb Total Space | 31.44 Gb Free Space | 14.01% Space Free | Partition Type: NTFS
Drive D: | 8.49 Gb Total Space | 0.39 Gb Free Space | 4.61% Space Free | Partition Type: FAT32
Drive E: | 42.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 11:59:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2010/04/02 14:35:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/09 04:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/18 11:55:52 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 06:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009/10/14 06:30:06 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/09 17:29:16 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/11/01 10:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/08/03 00:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 11:59:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2009/10/14 06:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 04:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/10/14 06:30:26 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 20:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/04/05 19:38:16 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\BOTA6.tmp -- (GarenaPEngine)
DRV - [2010/03/09 04:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 04:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 04:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 04:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 04:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 04:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/18 11:55:52 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 11:55:52 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 11:55:52 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/10/14 06:30:02 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009/08/06 07:50:00 | 007,753,888 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/01/23 15:41:52 | 004,145,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/27 16:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)
DRV - [2005/10/20 16:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 16:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 16:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 06:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/02 15:46:38 | 000,177,664 | ---- | M] (2wire) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wltwo51b.sys -- (wltwo51b)
DRV - [2003/11/05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/04 21:19:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/04/05 00:25:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 14:35:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 14:21:07 | 000,000,000 | ---D | M]

[2010/03/31 15:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2010/03/31 15:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\d84eu4m8.default\extensions
[2010/04/08 00:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/27 10:49:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-59374703-1420979962-3430178418-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.com/download/xclean_micro.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 13:49:41 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/10 23:09:46 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2007/04/30 18:39:02 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/06/27 00:50:56 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008/04/14 05:42:42 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-59374703-1420979962-3430178418-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 11:58:54 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2010/04/08 11:57:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/07 23:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/07 15:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/04/07 14:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 14:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/07 14:21:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/07 14:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/07 00:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/07 00:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/07 00:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/06 19:34:23 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/04/06 15:48:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/06 15:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\avG
[2010/04/06 15:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/05 21:32:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AdobeUM
[2010/04/05 00:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\ForceField Shared Files
[2010/04/05 00:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\CheckPoint
[2010/04/05 00:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/04/05 00:09:37 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/04/05 00:09:36 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/04/05 00:09:36 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/04/05 00:09:31 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/04/05 00:09:30 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/04/05 00:09:30 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/04/05 00:09:30 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/04/05 00:09:30 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/04/05 00:09:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/04/05 00:09:28 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/04/05 00:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/04/05 00:09:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/04/05 00:09:07 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/04/05 00:09:07 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/04/05 00:09:07 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/04/04 20:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
[2010/04/04 20:53:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/04 20:53:21 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/04 20:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/04 18:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/04 13:36:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\PrivacIE
[2010/04/04 13:25:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
[2010/04/03 20:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Jagex Games Studio
[2010/04/03 18:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/03 18:03:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/03 18:03:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/03 18:03:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/03 18:03:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/03 18:03:48 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/03 18:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun
[2010/04/03 16:57:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/03 16:55:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/03 16:54:14 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/03 16:54:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/03 16:54:13 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/03 16:47:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\UserData
[2010/04/03 13:21:41 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/04/02 17:08:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/02 16:22:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/02 15:01:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/02 15:01:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/02 15:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/02 15:01:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/02 14:56:03 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/04/02 14:55:53 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2010/04/02 14:55:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HPQ
[2010/04/02 14:54:45 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2010/04/02 14:54:45 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2010/04/02 14:54:45 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2010/04/02 14:54:45 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2010/04/02 14:54:45 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2010/04/02 14:54:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2010/04/02 14:54:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2010/04/02 14:54:45 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2010/04/02 14:54:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2010/04/02 14:54:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2010/04/02 14:54:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2010/04/02 14:54:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2010/04/02 14:54:44 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2010/04/02 14:54:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2010/04/02 14:54:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2010/04/02 14:54:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2010/04/02 14:54:43 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2010/04/02 14:54:43 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2010/04/02 14:54:43 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2010/04/02 14:54:43 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2010/04/02 14:54:43 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2010/04/02 14:54:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2010/04/02 14:54:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2010/04/02 14:54:43 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2010/04/02 14:54:43 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2010/04/02 14:54:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2010/04/02 14:54:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2010/04/02 14:54:42 | 001,850,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/04/02 14:54:42 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2010/04/02 14:54:42 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2010/04/02 14:54:42 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/04/02 14:54:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2010/04/02 14:54:42 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2010/04/02 14:54:42 | 000,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2010/04/02 14:54:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2010/04/02 14:54:42 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2010/04/02 14:54:42 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2010/04/02 14:54:41 | 000,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2010/04/02 14:54:41 | 000,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2010/04/02 14:54:41 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2010/04/02 14:54:40 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/04/02 14:54:40 | 000,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2010/04/02 14:54:40 | 000,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2010/04/02 14:54:40 | 000,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2010/04/02 14:54:39 | 000,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/04/02 14:54:39 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2010/04/02 14:54:39 | 000,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2010/04/02 14:54:39 | 000,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2010/04/02 14:54:39 | 000,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termdd.sys
[2010/04/02 14:54:39 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2010/04/02 14:54:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2010/04/02 14:54:39 | 000,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2010/04/02 14:54:39 | 000,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2010/04/02 14:54:39 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2010/04/02 14:54:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2010/04/02 14:54:38 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/04/02 14:54:38 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2010/04/02 14:54:38 | 000,134,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2010/04/02 14:54:38 | 000,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2010/04/02 14:54:38 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2010/04/02 14:54:38 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2010/04/02 14:54:37 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/04/01 19:29:41 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2010/04/01 19:29:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/01 19:29:39 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2010/04/01 19:29:39 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2010/04/01 19:29:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/01 19:29:39 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/01 19:29:39 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/01 19:29:39 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/01 19:29:39 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/01 19:29:39 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/01 19:29:39 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/01 19:29:39 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/01 19:29:36 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/01 19:29:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/01 19:29:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/01 19:29:32 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/01 19:29:32 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/01 19:29:32 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/01 19:29:32 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/01 19:29:32 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/01 19:29:32 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/01 19:29:32 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/01 19:29:31 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/01 19:29:31 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/01 19:29:31 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/01 19:29:31 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010/04/01 19:29:31 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/01 19:29:30 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/01 19:29:29 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/01 19:29:29 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/01 19:29:29 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/01 19:29:29 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/01 19:29:29 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/01 19:29:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/01 19:29:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/01 19:29:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/01 19:29:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/01 19:29:27 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2010/04/01 19:29:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/01 19:29:25 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/01 19:29:24 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/01 19:29:24 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/01 19:29:24 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/01 19:29:24 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/01 19:29:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/01 19:29:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/01 19:29:24 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/01 19:29:24 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/01 19:29:24 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/01 19:29:23 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/01 19:29:23 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/01 19:29:19 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/01 19:29:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/01 19:29:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/01 19:29:19 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/04/01 19:29:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/01 19:29:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/01 19:29:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/01 19:29:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/01 19:29:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/01 19:29:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/01 19:29:14 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/04/01 19:29:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/04/01 19:29:12 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010/04/01 19:29:10 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/01 19:29:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/01 19:29:08 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/01 19:29:08 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/01 19:29:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/01 19:29:08 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/01 19:29:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/01 19:29:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/01 19:29:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/01 19:29:07 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/01 19:29:07 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/01 19:29:07 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/01 19:29:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/01 19:29:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/01 19:29:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/01 19:29:07 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/01 19:29:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/01 19:29:04 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/01 19:29:03 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/01 19:29:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/01 19:29:02 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/04/01 19:29:02 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/01 19:29:02 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/01 19:29:02 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/01 19:29:02 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/01 19:29:02 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/01 19:29:02 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/01 19:29:02 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/01 19:29:02 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/01 19:29:02 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/01 19:29:02 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/01 19:29:02 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/01 19:29:02 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/01 19:29:02 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/01 19:29:02 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/01 19:29:01 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/04/01 19:29:01 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/01 19:29:01 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/04/01 19:29:01 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/01 19:29:01 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/01 19:29:01 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/01 19:29:01 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/01 19:29:01 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/01 19:29:01 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/01 19:29:00 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/01 19:29:00 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/04/01 19:29:00 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/04/01 19:29:00 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/01 19:29:00 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/01 19:29:00 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/01 19:29:00 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010/04/01 19:29:00 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/01 19:29:00 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/01 19:29:00 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/01 19:29:00 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/01 19:29:00 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/01 19:29:00 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/01 19:29:00 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/01 19:29:00 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/01 19:29:00 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/01 19:29:00 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/01 19:29:00 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/01 19:29:00 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/01 19:29:00 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/01 19:29:00 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/01 19:29:00 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/03/31 18:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\iConcertCal
[2010/03/31 18:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe
[2010/03/31 18:08:40 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/03/31 16:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
[2010/03/31 16:27:26 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/03/31 16:25:56 | 000,198,656 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM8O.DLL
[2010/03/31 16:25:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/03/31 16:22:49 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/03/31 16:22:10 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2010/03/31 16:21:59 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/03/31 16:20:25 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/03/31 16:19:47 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/03/31 16:19:47 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/03/31 16:19:18 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/03/31 16:18:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\kb913800.exe
[2010/03/31 16:18:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Apple Computer
[2010/03/31 16:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/31 16:14:16 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/03/31 16:14:13 | 002,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/03/31 16:14:13 | 002,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/03/31 16:14:12 | 002,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/03/31 16:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Apple
[2010/03/31 16:11:36 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/03/31 16:11:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/03/31 16:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Apple Computer
[2010/03/31 16:08:04 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/03/31 15:58:56 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/31 15:58:56 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/31 15:58:55 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/31 15:58:55 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/31 15:58:54 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/31 15:58:54 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/31 15:58:53 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/31 15:58:41 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/31 15:58:41 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/31 15:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/31 15:56:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/03/31 15:48:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/03/31 15:45:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/03/31 15:42:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Adobe
[2010/03/31 15:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Aim
[2010/03/31 15:10:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/03/31 15:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Mozilla
[2010/03/31 15:10:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla
[2010/03/31 14:57:29 | 000,356,096 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt61.sys
[2010/03/31 14:57:29 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2010/03/31 14:57:28 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcm42rly.sys
[2010/03/31 14:57:28 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcm42rly.sys
[2010/03/31 14:57:28 | 000,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\bcm42rly.sys
[2010/03/31 01:43:40 | 000,000,000 | ---D | C] -- C:\TWWUSB_TEMP
[2010/03/31 01:18:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/03/31 01:16:44 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/03/30 14:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Macromedia
[2010/03/30 14:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Hamachi
[2010/03/29 21:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio
[2010/03/29 21:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\R-Studio.v4.2.125063
[2010/03/29 19:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/03/29 18:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Songs
[2010/03/29 18:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\U3
[2010/03/29 18:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Template
[2010/03/29 18:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com
[2010/03/29 18:19:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 18:18:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Recent
[2010/03/29 18:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Identities
[2010/03/29 18:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Lavasoft
[2010/03/29 18:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Intuit
[2010/03/29 18:15:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Microsoft
[2010/03/29 18:15:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data
[2010/03/29 18:15:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Favorites
[2010/03/29 18:15:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Cookies
[2010/03/29 18:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real
[2010/03/29 18:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google
[2010/03/29 18:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
[2010/03/29 18:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\ApplicationHistory
[2010/03/29 18:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft
[2010/03/29 18:15:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2010/03/29 18:15:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\SendTo
[2010/03/29 18:15:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\My Videos
[2010/03/29 18:15:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\My Pictures
[2010/03/29 18:15:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\My Music
[2010/03/29 18:15:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents
[2010/03/29 18:15:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\PrintHood
[2010/03/29 18:15:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\NetHood
[2010/03/29 18:15:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings
[2010/03/29 18:15:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu
[2010/03/29 18:15:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Templates
[2010/03/29 18:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
[2010/03/29 16:39:41 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/03/29 13:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2010/03/20 22:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\.jagex_cache_32
[2010/03/17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/12 22:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Downloads
[2010/03/11 00:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2010/03/09 21:33:41 | 001,509,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/09 21:33:38 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/08/22 12:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/08/20 13:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2007/07/18 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2006/02/15 12:56:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/02/15 12:56:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[262 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 11:59:10 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2010/04/08 11:55:24 | 000,248,739 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/08 11:54:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/08 11:53:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/08 01:04:38 | 002,883,584 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\NTUSER.DAT
[2010/04/08 01:04:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/04/08 01:04:04 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/08 00:30:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/07 14:40:35 | 000,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termdd.sys
[2010/04/07 14:02:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 19:27:37 | 006,277,098 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\WMP54Gv4.1_20051117,0.exe
[2010/04/06 15:49:51 | 000,198,656 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\174836237.dll
[2010/04/06 15:48:34 | 000,015,984 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\4W2k7t2Uo86
[2010/04/06 15:48:34 | 000,015,984 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4W2k7t2Uo86
[2010/04/05 00:10:20 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/05 00:09:40 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/04 21:40:05 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
[2010/04/04 21:35:34 | 000,001,890 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/04 21:35:34 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\ECA109CB8B.sys
[2010/04/04 20:53:28 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MW.lnk
[2010/04/04 16:20:05 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
[2010/04/04 16:16:56 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
[2010/04/04 13:37:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/03 18:03:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/03 18:03:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/03 18:03:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/03 18:03:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/03 18:03:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/02 20:39:48 | 000,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/02 19:05:49 | 000,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/02 19:05:49 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/02 19:05:49 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/02 19:05:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/02 19:01:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/02 17:11:40 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/02 16:23:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/02 16:23:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/03/31 20:59:35 | 001,972,392 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Violin.mp3
[2010/03/31 19:15:01 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/31 16:12:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/31 15:58:54 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/31 15:52:11 | 000,000,481 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/31 15:21:25 | 000,000,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/31 01:22:16 | 002,642,050 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\IconCache.db
[2010/03/29 19:20:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/29 19:02:28 | 000,000,012 | ---- | M] () -- C:\WINDOWS\dirsaver.ini
[2010/03/29 18:19:12 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2010/03/29 18:17:20 | 000,001,847 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER902AA-ABA a1450n_YC_0Pavi_QCNH608_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M2047_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#060611_N_Z11C10620_G10DE0640.MRK
[2010/03/29 18:14:15 | 000,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/03/29 18:14:10 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/03/29 18:13:43 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2010/03/29 18:12:02 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 00:12:05 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\123.wps
[2010/03/25 22:55:13 | 005,658,678 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\1.bmp
[2010/03/24 22:23:07 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Untitled Document.wps
[2010/03/24 21:53:48 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\jagex__preferences3.dat
[2010/03/18 23:32:40 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Hoopla.wps
[2010/03/18 00:36:59 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\SetList.wps
[2010/03/17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/03/17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/03/12 19:54:38 | 000,108,025 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010/03/11 00:42:12 | 000,004,940 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/03/09 21:33:41 | 001,509,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2010/03/09 21:33:38 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[262 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/07 14:02:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 19:26:54 | 006,277,098 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\WMP54Gv4.1_20051117,0.exe
[2010/04/06 15:49:31 | 000,198,656 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\174836237.dll
[2010/04/06 15:45:01 | 000,015,984 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\4W2k7t2Uo86
[2010/04/06 12:47:06 | 000,015,988 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4W2k7t2Uo86
[2010/04/06 12:47:06 | 000,015,984 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4W2k7t2Uo86
[2010/04/05 00:09:40 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/05 00:09:28 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/04/04 21:30:23 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\ECA109CB8B.sys
[2010/04/04 21:30:20 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/04 20:53:28 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MW.lnk
[2010/04/01 19:29:24 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/01 19:29:14 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/01 19:29:06 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/01 19:29:02 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/03/31 20:59:18 | 001,972,392 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Violin.mp3
[2010/03/31 18:08:42 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/31 16:34:28 | 011,328,398 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\STE-031.wav
[2010/03/31 16:34:27 | 010,412,430 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\STE-030.wav
[2010/03/31 16:12:05 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/31 15:21:25 | 000,000,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/03/31 14:57:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/03/31 14:57:29 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2010/03/30 01:40:00 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\LuResult.txt
[2010/03/29 19:20:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/29 18:42:54 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/29 18:28:57 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
[2010/03/29 18:17:18 | 000,001,847 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER902AA-ABA a1450n_YC_0Pavi_QCNH608_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M2047_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#060611_N_Z11C10620_G10DE0640.MRK
[2010/03/29 18:15:58 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2010/03/29 18:15:45 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.ini
[2010/03/29 18:15:44 | 002,883,584 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\NTUSER.DAT
[2010/03/29 18:15:44 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\ntuser.dat.LOG
[2010/03/25 23:10:03 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\123.wps
[2010/03/25 22:55:12 | 005,658,678 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\1.bmp
[2010/03/24 22:23:07 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\My Documents\Untitled Document.wps
[2010/03/24 21:53:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\jagex__preferences3.dat
[2010/03/18 23:01:18 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Hoopla.wps
[2010/03/11 00:42:12 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/07 22:13:34 | 000,010,375 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\hs_err_pid1672.log
[2009/11/06 20:43:54 | 000,000,018 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2009/09/02 17:36:25 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
[2009/08/31 21:21:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/09 11:55:57 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/06/27 22:59:22 | 000,011,561 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\hs_err_pid1040.log
[2009/06/27 22:59:21 | 000,011,596 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\hs_err_pid856.log
[2009/06/14 17:43:07 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
[2009/05/28 16:10:56 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2008/10/03 15:04:05 | 000,006,273 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\_GEAREXT.WO_IDENT.TXT
[2007/11/21 17:16:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/23 13:25:41 | 000,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2007/05/02 15:56:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\ua2.dll
[2007/02/12 18:05:57 | 000,000,027 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
[2006/11/29 23:23:14 | 000,000,267 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/01 15:09:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/10/30 15:38:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/09 14:43:47 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/11 20:56:19 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/06/11 20:56:08 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/11 20:54:05 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/11 20:52:45 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/06/11 07:27:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/06/10 21:29:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/10 20:31:33 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/06/10 20:31:33 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/02/15 14:20:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/15 13:57:30 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/02/15 13:52:32 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/02/15 13:52:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/02/15 13:50:12 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/02/15 13:47:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 13:38:19 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/15 13:37:04 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/15 13:23:23 | 000,003,828 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/02/15 13:22:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 13:18:59 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/15 13:18:59 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/15 13:18:59 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/15 13:18:58 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/15 13:18:58 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/15 13:18:58 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/15 13:17:45 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/15 12:59:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/02/15 12:59:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/02/15 12:59:24 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 14:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/09 21:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_008375_.tmp.dll
[2004/08/09 21:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_008343_.tmp.dll
[2004/07/26 07:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/14 12:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1940DBE8
< End of report >

OTL Extras logfile created on: 4/8/2010 12:00:16 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.38 Gb Total Space | 31.44 Gb Free Space | 14.01% Space Free | Partition Type: NTFS
Drive D: | 8.49 Gb Total Space | 0.39 Gb Free Space | 4.61% Space Free | Partition Type: FAT32
Drive E: | 42.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- Reg Error: Value error. File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-59374703-1420979962-3430178418-1008\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- File not found
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- File not found
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7973FE67-7730-499E-8DC6-CC329714BB05}" = iConcertCal
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{8A7F6127-CF84-476E-B2DE-F3CC912CBF6C}" = RuneScape
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AOL Instant Messenger" = AOL Instant Messenger
"avast5" = avast! Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"R-Studio 4.2NSIS" = R-Studio 4.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2010 4:00:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 4/5/2010 4:00:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 4/5/2010 9:02:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/5/2010 9:02:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18170156

Error - 4/5/2010 9:02:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18170156

Error - 4/6/2010 12:31:10 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application java.exe, version 6.0.190.4, faulting module
java.dll, version 6.0.190.4, fault address 0x00005875.

Error - 4/6/2010 3:51:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/6/2010 6:41:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2010 6:41:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8907906

Error - 4/6/2010 6:41:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8907906

[ Application Events ]
Error - 4/5/2010 4:00:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 4/5/2010 4:00:04 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 4/5/2010 9:02:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/5/2010 9:02:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18170156

Error - 4/5/2010 9:02:53 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18170156

Error - 4/6/2010 12:31:10 AM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application java.exe, version 6.0.190.4, faulting module
java.dll, version 6.0.190.4, fault address 0x00005875.

Error - 4/6/2010 3:51:33 PM | Computer Name = YOUR-4DACD0EA75 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/6/2010 6:41:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/6/2010 6:41:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8907906

Error - 4/6/2010 6:41:35 PM | Computer Name = YOUR-4DACD0EA75 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8907906

[ System Events ]
Error - 3/31/2010 6:12:07 PM | Computer Name = YOUR-4DACD0EA75 | Source = Dhcp | ID = 1002
Description = The IP address lease 172.16.1.33 for the Network Card with network
address 00259CAB2DDF has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/31/2010 6:12:07 PM | Computer Name = YOUR-4DACD0EA75 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 3/31/2010 6:45:03 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB920213).

Error - 3/31/2010 6:50:38 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024200d: Security Update for Windows XP (KB932168).

Error - 3/31/2010 7:07:10 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.

Error - 4/2/2010 4:23:31 AM | Computer Name = YOUR-4DACD0EA75 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00259CAB2DDF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 4/2/2010 5:35:26 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 7 for Windows XP.

Error - 4/2/2010 7:12:15 PM | Computer Name = YOUR-4DACD0EA75 | Source = NtServicePack | ID = 921878
Description = Windows XP Service Pack 3 installation failed, leaving Windows XP
partially updated. Service Pack 3 installation did not complete.

Error - 4/2/2010 7:12:26 PM | Computer Name = YOUR-4DACD0EA75 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f070: Windows XP Service Pack 3 (KB936929).

Error - 4/2/2010 7:23:20 PM | Computer Name = YOUR-4DACD0EA75 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-08 12:28:55
Windows 5.1.2600 Service Pack 3
Running: sf90w56w.exe; Driver: C:\DOCUME~1\HP_ADM~1.YOU\LOCALS~1\Temp\kwxyafod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB48D945C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A40AAC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 08 April 2010 - 02:45 PM

Hello HelloJoe,

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 HelloJoe

HelloJoe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:30 PM

Posted 08 April 2010 - 03:22 PM

If I turn off the internet, is it safe to back up files on an external hard drive?

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 08 April 2010 - 03:33 PM

Yes it is, but make sure you back up only files you know are safe (documents, pictures, other personal files).

regards, Elise




#7 HelloJoe

HelloJoe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:30 PM

Posted 08 April 2010 - 11:51 PM

Okay, so kind of paranoid now, I just transferred over a bunch of songs, pictures, videos, and movies over to my external hard drive with the internet off. Is there any chance or any way that the external could have been breached or infected?


I'm considering re-formatting the computer. Running ComboFix causes iexplorer to crash and the computer itself to crash. Is there anything else I should know about the computer? Such as possible risks in spreading the malware that leads to the "backdoor." Especially because I am looking into buying a new laptop anyway and do not wish to reinfect the new laptop with the same virus (if possible through the external hard drive). Although the data I backed up on the external is pretty important to me... does it pose a threat of some kind?

Edited by HelloJoe, 09 April 2010 - 02:08 AM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 09 April 2010 - 04:51 AM

Personally, I'd recommend cleaning the computer up first, since you have quite some backups to make. That way you can be more sure there are no infected objects left on your computer before doing the reformat, and thus your backups will also be clean.

If you want to proceed with that, try to run Combofix in safe mode.

regards, Elise




#9 HelloJoe

HelloJoe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:30 PM

Posted 09 April 2010 - 05:49 PM

I actually kind of already backed up things on the hard drive; should I format and re-upload files onto the hard drive after my computer is "clean?"
Also, while in safe mode, I wasn't able to turn off real-time scanning for avast.

ComboFix 10-04-07.04 - HP_Administrator 04/09/2010 15:56:03.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1693 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1667689662-1117570136-4163080922-1008
c:\windows\system32\_008332_.tmp.dll
c:\windows\system32\_008333_.tmp.dll
c:\windows\system32\_008334_.tmp.dll
c:\windows\system32\_008335_.tmp.dll
c:\windows\system32\_008342_.tmp.dll
c:\windows\system32\_008343_.tmp.dll
c:\windows\system32\_008344_.tmp.dll
c:\windows\system32\_008345_.tmp.dll
c:\windows\system32\_008347_.tmp.dll
c:\windows\system32\_008348_.tmp.dll
c:\windows\system32\_008351_.tmp.dll
c:\windows\system32\_008352_.tmp.dll
c:\windows\system32\_008354_.tmp.dll
c:\windows\system32\_008355_.tmp.dll
c:\windows\system32\_008356_.tmp.dll
c:\windows\system32\_008358_.tmp.dll
c:\windows\system32\_008361_.tmp.dll
c:\windows\system32\_008362_.tmp.dll
c:\windows\system32\_008366_.tmp.dll
c:\windows\system32\_008367_.tmp.dll
c:\windows\system32\_008369_.tmp.dll
c:\windows\system32\_008371_.tmp.dll
c:\windows\system32\_008372_.tmp.dll
c:\windows\system32\_008374_.tmp.dll
c:\windows\system32\_008375_.tmp.dll
c:\windows\system32\_008376_.tmp.dll
c:\windows\system32\_008377_.tmp.dll
c:\windows\system32\_008378_.tmp.dll
c:\windows\system32\_008381_.tmp.dll
c:\windows\system32\_008382_.tmp.dll
c:\windows\system32\_008383_.tmp.dll
c:\windows\system32\_008384_.tmp.dll
c:\windows\system32\_008385_.tmp.dll
c:\windows\system32\_008390_.tmp.dll
c:\windows\system32\_008392_.tmp.dll
c:\windows\system32\_008393_.tmp.dll
c:\windows\system32\ps2.bat
D:\AUTORUN.INF

.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=


R3 GarenaPEngine;GarenaPEngine;c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-18 66632]
S2 aswFsBlk;aswFsBlk; [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 25208]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 476528]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2009-12-08 93320]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]

.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
AddRemove-B3EE3001-DC24-4cd1-8743-5692C716659F - c:\program files\EnglishOtto\uninstallotto.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 16:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A507AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7e3c852
\Driver\iaStor -> iaStor.sys @ 0xb7e60b10
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
.
**************************************************************************
.
Completion time: 2010-04-09 16:36:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-09 23:36

Pre-Run: 33,866,469,376 bytes free
Post-Run: 34,261,032,960 bytes free

- - End Of File - - 9B450125F0213BAA05DA22AAE4A7CA8D

Edited by HelloJoe, 09 April 2010 - 06:40 PM.


#10 Elise


    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 10 April 2010 - 01:43 AM

Hello again,
I'd say it's more precautious to re-backup things after everything is clean. Better safe than sorry.
  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy and paste the following text into the Run box:
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 HelloJoe

  • Topic Starter

  • Members
  • 23 posts
  • Local time:02:30 PM

Posted 10 April 2010 - 02:54 AM

00:50:43:156 2980 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
00:50:43:156 2980 ================================================================================
00:50:43:156 2980 SystemInfo:

00:50:43:156 2980 OS Version: 5.1.2600 ServicePack: 3.0
00:50:43:156 2980 Product type: Workstation
00:50:43:156 2980 ComputerName: YOUR-4DACD0EA75
00:50:43:156 2980 UserName: HP_Administrator
00:50:43:156 2980 Windows directory: C:\WINDOWS
00:50:43:156 2980 Processor architecture: Intel x86
00:50:43:156 2980 Number of processors: 2
00:50:43:156 2980 Page size: 0x1000
00:50:43:156 2980 Boot type: Normal boot
00:50:43:156 2980 ================================================================================
00:50:43:156 2980 UnloadDriverW: NtUnloadDriver error 2
00:50:43:156 2980 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
00:50:43:203 2980 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
00:50:43:203 2980 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
00:50:43:203 2980 wfopen_ex: Trying to KLMD file open
00:50:43:203 2980 wfopen_ex: File opened ok (Flags 2)
00:50:43:203 2980 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
00:50:43:203 2980 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
00:50:43:203 2980 wfopen_ex: Trying to KLMD file open
00:50:43:203 2980 wfopen_ex: File opened ok (Flags 2)
00:50:43:203 2980 Initialize success
00:50:43:203 2980
00:50:43:203 2980 Scanning Services ...
00:50:43:531 2980 Raw services enum returned 341 services
00:50:43:531 2980
00:50:43:531 2980 Scanning Kernel memory ...
00:50:43:531 2980 Devices to scan: 13
00:50:43:531 2980
00:50:43:531 2980 Driver Name: Disk
00:50:43:531 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:531 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:531 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:531 2980 IRP_MJ_READ : B8108D1F
00:50:43:531 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:531 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:531 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:531 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:531 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:531 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:531 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:531 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:531 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:531 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:531 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:531 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:531 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:531 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:531 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:531 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:531 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:531 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:531 2980 IRP_MJ_POWER : B810AC82
00:50:43:531 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:531 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:531 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:531 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:578 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:578 2980
00:50:43:578 2980 Driver Name: usbstor
00:50:43:578 2980 IRP_MJ_CREATE : B839D218
00:50:43:578 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:578 2980 IRP_MJ_CLOSE : B839D218
00:50:43:578 2980 IRP_MJ_READ : B839D23C
00:50:43:578 2980 IRP_MJ_WRITE : B839D23C
00:50:43:578 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:578 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:578 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:578 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:578 2980 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:50:43:578 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:578 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:578 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:578 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:578 2980 IRP_MJ_DEVICE_CONTROL : B839D180
00:50:43:578 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B83989E6
00:50:43:578 2980 IRP_MJ_SHUTDOWN : 804F4562
00:50:43:578 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:578 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:578 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:578 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:578 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:578 2980 IRP_MJ_POWER : B839C5F0
00:50:43:578 2980 IRP_MJ_SYSTEM_CONTROL : B839AA6E
00:50:43:578 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:578 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:578 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:593 2980 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:50:43:593 2980
00:50:43:593 2980 Driver Name: Disk
00:50:43:593 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:593 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:593 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:593 2980 IRP_MJ_READ : B8108D1F
00:50:43:593 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:593 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:593 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:593 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:593 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:593 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:593 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:593 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:593 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:593 2980 IRP_MJ_POWER : B810AC82
00:50:43:593 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:593 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:593 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:593 2980
00:50:43:593 2980 Driver Name: Disk
00:50:43:593 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:593 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:593 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:593 2980 IRP_MJ_READ : B8108D1F
00:50:43:593 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:593 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:593 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:593 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:593 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:593 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:593 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:593 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:593 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:593 2980 IRP_MJ_POWER : B810AC82
00:50:43:593 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:593 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:593 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:593 2980
00:50:43:593 2980 Driver Name: Disk
00:50:43:593 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:593 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:593 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:593 2980 IRP_MJ_READ : B8108D1F
00:50:43:593 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:593 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:593 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:593 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:593 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:593 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:593 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:593 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:593 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:593 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:593 2980 IRP_MJ_POWER : B810AC82
00:50:43:593 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:593 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:593 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:593 2980
00:50:43:593 2980 Driver Name: Disk
00:50:43:593 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:593 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:593 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:593 2980 IRP_MJ_READ : B8108D1F
00:50:43:593 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:593 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:593 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:593 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:593 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:593 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:609 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:609 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:609 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_POWER : B810AC82
00:50:43:609 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:609 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:609 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:609 2980
00:50:43:609 2980 Driver Name: usbstor
00:50:43:609 2980 IRP_MJ_CREATE : B839D218
00:50:43:609 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:609 2980 IRP_MJ_CLOSE : B839D218
00:50:43:609 2980 IRP_MJ_READ : B839D23C
00:50:43:609 2980 IRP_MJ_WRITE : B839D23C
00:50:43:609 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:609 2980 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B839D180
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B83989E6
00:50:43:609 2980 IRP_MJ_SHUTDOWN : 804F4562
00:50:43:609 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:609 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_POWER : B839C5F0
00:50:43:609 2980 IRP_MJ_SYSTEM_CONTROL : B839AA6E
00:50:43:609 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:609 2980 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:50:43:609 2980
00:50:43:609 2980 Driver Name: usbstor
00:50:43:609 2980 IRP_MJ_CREATE : B839D218
00:50:43:609 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:609 2980 IRP_MJ_CLOSE : B839D218
00:50:43:609 2980 IRP_MJ_READ : B839D23C
00:50:43:609 2980 IRP_MJ_WRITE : B839D23C
00:50:43:609 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:609 2980 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B839D180
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B83989E6
00:50:43:609 2980 IRP_MJ_SHUTDOWN : 804F4562
00:50:43:609 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:609 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_POWER : B839C5F0
00:50:43:609 2980 IRP_MJ_SYSTEM_CONTROL : B839AA6E
00:50:43:609 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:609 2980 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:50:43:609 2980
00:50:43:609 2980 Driver Name: usbstor
00:50:43:609 2980 IRP_MJ_CREATE : B839D218
00:50:43:609 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:609 2980 IRP_MJ_CLOSE : B839D218
00:50:43:609 2980 IRP_MJ_READ : B839D23C
00:50:43:609 2980 IRP_MJ_WRITE : B839D23C
00:50:43:609 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:609 2980 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B839D180
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B83989E6
00:50:43:609 2980 IRP_MJ_SHUTDOWN : 804F4562
00:50:43:609 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:609 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_POWER : B839C5F0
00:50:43:609 2980 IRP_MJ_SYSTEM_CONTROL : B839AA6E
00:50:43:609 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:609 2980 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:50:43:609 2980
00:50:43:609 2980 Driver Name: usbstor
00:50:43:609 2980 IRP_MJ_CREATE : B839D218
00:50:43:609 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:609 2980 IRP_MJ_CLOSE : B839D218
00:50:43:609 2980 IRP_MJ_READ : B839D23C
00:50:43:609 2980 IRP_MJ_WRITE : B839D23C
00:50:43:609 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:609 2980 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B839D180
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B83989E6
00:50:43:609 2980 IRP_MJ_SHUTDOWN : 804F4562
00:50:43:609 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:609 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_POWER : B839C5F0
00:50:43:609 2980 IRP_MJ_SYSTEM_CONTROL : B839AA6E
00:50:43:609 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:609 2980 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:50:43:609 2980
00:50:43:609 2980 Driver Name: Disk
00:50:43:609 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:609 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:609 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:609 2980 IRP_MJ_READ : B8108D1F
00:50:43:609 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:609 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:609 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:609 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:609 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:609 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:609 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:609 2980 IRP_MJ_POWER : B810AC82
00:50:43:609 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:609 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:609 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:609 2980
00:50:43:609 2980 Driver Name: Disk
00:50:43:609 2980 IRP_MJ_CREATE : B810EBB0
00:50:43:609 2980 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:50:43:609 2980 IRP_MJ_CLOSE : B810EBB0
00:50:43:609 2980 IRP_MJ_READ : B8108D1F
00:50:43:609 2980 IRP_MJ_WRITE : B8108D1F
00:50:43:609 2980 IRP_MJ_QUERY_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_QUERY_EA : 804F4562
00:50:43:609 2980 IRP_MJ_SET_EA : 804F4562
00:50:43:609 2980 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:50:43:609 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:50:43:609 2980 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:50:43:609 2980 IRP_MJ_DEVICE_CONTROL : B81093BB
00:50:43:609 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:50:43:625 2980 IRP_MJ_SHUTDOWN : B81092E2
00:50:43:625 2980 IRP_MJ_LOCK_CONTROL : 804F4562
00:50:43:625 2980 IRP_MJ_CLEANUP : 804F4562
00:50:43:625 2980 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:50:43:625 2980 IRP_MJ_QUERY_SECURITY : 804F4562
00:50:43:625 2980 IRP_MJ_SET_SECURITY : 804F4562
00:50:43:625 2980 IRP_MJ_POWER : B810AC82
00:50:43:625 2980 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:50:43:625 2980 IRP_MJ_DEVICE_CHANGE : 804F4562
00:50:43:625 2980 IRP_MJ_QUERY_QUOTA : 804F4562
00:50:43:625 2980 IRP_MJ_SET_QUOTA : 804F4562
00:50:43:625 2980 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:50:43:625 2980
00:50:43:625 2980 Driver Name: atapi
00:50:43:625 2980 IRP_MJ_CREATE : 8A507AC8
00:50:43:625 2980 IRP_MJ_CREATE_NAMED_PIPE : 8A507AC8
00:50:43:625 2980 IRP_MJ_CLOSE : 8A507AC8
00:50:43:625 2980 IRP_MJ_READ : 8A507AC8
00:50:43:625 2980 IRP_MJ_WRITE : 8A507AC8
00:50:43:625 2980 IRP_MJ_QUERY_INFORMATION : 8A507AC8
00:50:43:625 2980 IRP_MJ_SET_INFORMATION : 8A507AC8
00:50:43:625 2980 IRP_MJ_QUERY_EA : 8A507AC8
00:50:43:625 2980 IRP_MJ_SET_EA : 8A507AC8
00:50:43:625 2980 IRP_MJ_FLUSH_BUFFERS : 8A507AC8
00:50:43:625 2980 IRP_MJ_QUERY_VOLUME_INFORMATION : 8A507AC8
00:50:43:625 2980 IRP_MJ_SET_VOLUME_INFORMATION : 8A507AC8
00:50:43:625 2980 IRP_MJ_DIRECTORY_CONTROL : 8A507AC8
00:50:43:625 2980 IRP_MJ_FILE_SYSTEM_CONTROL : 8A507AC8
00:50:43:625 2980 IRP_MJ_DEVICE_CONTROL : 8A507AC8
00:50:43:625 2980 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8A507AC8
00:50:43:625 2980 IRP_MJ_SHUTDOWN : 8A507AC8
00:50:43:625 2980 IRP_MJ_LOCK_CONTROL : 8A507AC8
00:50:43:625 2980 IRP_MJ_CLEANUP : 8A507AC8
00:50:43:625 2980 IRP_MJ_CREATE_MAILSLOT : 8A507AC8
00:50:43:625 2980 IRP_MJ_QUERY_SECURITY : 8A507AC8
00:50:43:625 2980 IRP_MJ_SET_SECURITY : 8A507AC8
00:50:43:625 2980 IRP_MJ_POWER : 8A507AC8
00:50:43:625 2980 IRP_MJ_SYSTEM_CONTROL : 8A507AC8
00:50:43:625 2980 IRP_MJ_DEVICE_CHANGE : 8A507AC8
00:50:43:625 2980 IRP_MJ_QUERY_QUOTA : 8A507AC8
00:50:43:625 2980 IRP_MJ_SET_QUOTA : 8A507AC8
00:50:43:625 2980 Driver "atapi" infected by TDSS rootkit!
00:50:43:625 2980 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
00:50:43:625 2980 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ... 00:50:43:625 2980 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
00:50:43:625 2980 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
00:50:43:875 2980 vfvi6
00:50:43:968 2980 !dsvbh1
00:50:44:156 2980 dsvbh2
00:50:44:156 2980 fdfb2
00:50:44:156 2980 Backup copy found, using it..
00:50:44:171 2980 will be cured on next reboot
00:50:44:171 2980 Reboot required for cure complete..
00:50:44:187 2980 Cure on reboot scheduled successfully
00:50:44:187 2980
00:50:44:187 2980 Completed
00:50:44:187 2980
00:50:44:187 2980 Results:
00:50:44:187 2980 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
00:50:44:187 2980 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:50:44:187 2980 File objects infected / cured / cured on reboot: 1 / 0 / 1
00:50:44:187 2980
00:50:44:187 2980 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
00:50:44:187 2980 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
00:50:44:187 2980 UnloadDriverW: NtUnloadDriver error 1
00:50:44:187 2980 KLMD(ARK) unloaded successfully


#12 Elise


    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 10 April 2010 - 04:33 AM

Please post me a new Combofix log.

regards, Elise




#13 HelloJoe

  • Topic Starter

  • Members
  • 23 posts
  • Local time:02:30 PM

Posted 10 April 2010 - 05:05 AM

ComboFix 10-04-07.04 - HP_Administrator 04/10/2010 2:47.2.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1788 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 05:04 . 2010-04-09 05:04 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\WMTools Downloaded Files
2010-04-07 22:00 . 2010-04-07 22:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-04-07 21:59 . 2010-04-07 21:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-07 21:02 . 2010-04-07 21:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 02:34 . 2010-04-07 02:34 -------- d-----w- C:\Linksys Driver
2010-04-06 22:49 . 2010-04-06 22:49 198656 --sha-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\174836237.dll
2010-04-06 22:45 . 2010-04-06 22:45 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\avG
2010-04-06 22:45 . 2010-04-06 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-06 04:32 . 2010-04-06 04:32 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AdobeUM
2010-04-05 04:30 . 2010-04-05 04:35 56 --sh--r- c:\windows\system32\ECA109CB8B.sys
2010-04-05 04:30 . 2010-04-05 04:35 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-05 03:53 . 2010-04-05 03:53 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
2010-04-05 03:53 . 2010-03-29 22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 03:53 . 2010-04-05 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 03:53 . 2010-03-29 22:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 03:52 . 2010-04-05 03:52 52224 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-05 01:49 . 2010-04-05 01:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-04 20:36 . 2010-04-04 20:36 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\PrivacIE
2010-04-04 20:25 . 2010-04-04 20:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-04 20:25 . 2010-04-04 20:25 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
2010-04-04 03:31 . 2010-04-04 03:31 -------- d-----w- c:\program files\Jagex Games Studio
2010-04-04 01:04 . 2010-04-04 01:04 503808 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4365ea3f-n\msvcp71.dll
2010-04-04 01:04 . 2010-04-04 01:04 499712 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4365ea3f-n\jmc.dll
2010-04-04 01:04 . 2010-04-04 01:04 348160 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4365ea3f-n\msvcr71.dll
2010-04-04 01:04 . 2010-04-04 01:04 61440 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63638b8c-n\decora-sse.dll
2010-04-04 01:04 . 2010-04-04 01:04 12800 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63638b8c-n\decora-d3d.dll
2010-04-04 01:03 . 2010-04-04 01:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 23:57 . 2010-04-04 20:37 -------- d-----w- c:\windows\ie8updates
2010-04-03 23:55 . 2010-04-04 03:36 -------- dc-h--w- c:\windows\ie8
2010-04-03 23:54 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-03 23:54 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-03 23:54 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-03 23:54 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-03 23:54 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-04-03 23:53 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-03 23:47 . 2010-04-03 23:47 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData
2010-04-03 20:21 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-04-02 22:01 . 2010-04-03 00:14 -------- d-----w- c:\windows\system32\scripting
2010-04-02 22:01 . 2010-04-03 00:14 -------- d-----w- c:\windows\system32\en
2010-04-02 22:01 . 2010-04-03 00:14 -------- d-----w- c:\windows\system32\bits
2010-04-02 21:56 . 2008-04-13 18:56 12288 ------w- c:\windows\system32\drivers\tunmp.sys
2010-04-02 21:56 . 2008-04-13 18:40 11904 ------w- c:\windows\system32\drivers\sffdisk.sys
2010-04-02 21:56 . 2008-04-13 18:40 11008 ------w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-02 21:56 . 2008-04-13 18:36 15488 ------w- c:\windows\system32\drivers\mssmbios.sys
2010-04-02 21:56 . 2008-04-13 18:36 79232 ------w- c:\windows\system32\drivers\sdbus.sys
2010-04-02 21:56 . 2008-04-13 18:31 37760 ------w- c:\windows\system32\drivers\amdk7.sys
2010-04-02 21:56 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-04-02 21:56 . 2008-04-13 18:45 30208 ------w- c:\windows\system32\drivers\usbehci.sys
2010-04-02 21:56 . 2008-04-13 18:45 19200 ------w- c:\windows\system32\drivers\hidir.sys
2010-04-02 21:55 . 2008-04-13 17:39 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-04-02 21:55 . 2008-04-13 18:53 36608 ------w- c:\windows\system32\drivers\ip6fw.sys
2010-04-02 21:55 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-02 21:55 . 2008-04-14 00:12 409088 ------w- c:\windows\system32\qmgr.dll
2010-04-02 21:55 . 2008-04-13 18:32 129792 ------w- c:\windows\system32\drivers\fltmgr.sys
2010-04-02 21:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-02 21:55 . 2010-04-02 21:55 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HPQ
2010-04-01 01:50 . 2010-04-07 02:53 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\iConcertCal
2010-04-01 01:38 . 2010-04-01 01:39 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe
2010-04-01 01:08 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-01 01:08 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-31 23:33 . 2010-04-09 05:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
2010-03-31 23:27 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-31 23:25 . 2006-11-06 22:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8O.DLL
2010-03-31 23:25 . 2006-11-06 22:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8O.DLL
2010-03-31 23:25 . 2006-11-06 22:00 198656 ----a-w- c:\windows\system32\CNMLM8O.DLL
2010-03-31 23:25 . 2010-03-31 23:25 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-03-31 23:22 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-31 23:22 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2010-03-31 23:21 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-31 23:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-31 23:20 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-31 23:20 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-03-31 23:19 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-31 23:19 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-31 23:19 . 2009-12-04 18:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-31 23:18 . 2006-03-21 03:23 23040 ------w- c:\windows\kb913800.exe
2010-03-31 23:18 . 2010-04-02 03:34 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Apple Computer
2010-03-31 23:16 . 2010-03-31 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 23:14 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-03-31 23:14 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-03-31 23:14 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-03-31 23:14 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-03-31 23:14 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-03-31 23:14 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-31 23:14 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-03-31 23:14 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-31 23:14 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-03-31 23:14 . 2009-12-08 19:27 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-31 23:14 . 2009-12-08 19:26 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-31 23:14 . 2009-12-08 18:43 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-31 23:12 . 2010-03-31 23:12 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Apple
2010-03-31 23:11 . 2009-10-16 09:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-31 23:11 . 2009-10-16 09:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-31 23:11 . 2010-04-01 01:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-31 23:08 . 2010-03-31 23:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Apple Computer
2010-03-31 23:08 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-03-31 23:07 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-03-31 22:58 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-31 22:58 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-31 22:58 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-31 22:58 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-31 22:58 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-31 22:58 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-31 22:58 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-31 22:58 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-31 22:58 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-31 22:58 . 2010-03-31 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-31 22:56 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-03-31 22:21 . 2010-03-31 22:21 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Aim
2010-03-31 22:10 . 2010-03-31 22:10 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Mozilla
2010-03-31 21:57 . 2003-10-13 23:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-03-31 21:57 . 2005-10-27 23:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2010-03-31 21:57 . 2003-09-26 06:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-03-31 21:57 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2010-03-31 21:57 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-03-31 21:57 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2010-03-31 08:43 . 2010-03-31 08:43 -------- d-----w- C:\TWWUSB_TEMP
2010-03-31 08:35 . 2010-03-31 08:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GarageGames
2010-03-31 08:35 . 2010-04-07 02:52 -------- d-----w- c:\documents and settings\HP_Administrator
2010-03-31 08:18 . 2010-03-31 08:18 -------- d-----w- c:\windows\system32\AGEIA
2010-03-31 08:16 . 2009-08-13 23:50 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-30 21:34 . 2010-03-30 21:34 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Hamachi
2010-03-30 04:11 . 2010-03-30 04:11 -------- d-----w- c:\program files\R-Studio
2010-03-30 02:25 . 2010-03-30 02:25 -------- d-----w- c:\program files\Recuva
2010-03-30 02:20 . 2010-03-30 02:20 552 ----a-w- c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 09:41 . 2010-04-05 18:37 7768249 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-10 08:02 . 2010-04-02 21:54 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-09 04:58 . 2010-03-30 01:28 1524 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
2010-04-08 21:06 . 2010-04-02 21:54 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-08 19:29 . 2009-06-30 02:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-07 02:36 . 2006-02-15 20:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 23:29 . 2010-04-06 23:29 111597 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_06_16_10_44_small.dmp.zip
2010-04-06 23:10 . 2010-04-06 23:24 1609216 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-04-06 22:43 . 2010-04-06 22:44 1606144 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-06 05:47 . 2006-08-07 23:27 -------- d-----w- c:\program files\Warcraft III
2010-04-06 02:40 . 2010-01-19 20:05 -------- d-----w- c:\program files\Garena
2010-04-05 07:09 . 2010-04-05 07:09 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\CheckPoint
2010-04-05 07:09 . 2010-04-05 07:09 -------- d-----w- c:\program files\CheckPoint
2010-04-05 07:09 . 2010-04-05 07:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-05 07:09 . 2010-04-05 07:09 -------- d-----w- c:\program files\Zone Labs
2010-04-05 04:20 . 2009-08-17 18:28 -------- d-----w- c:\program files\McAfee
2010-04-04 23:20 . 2009-09-03 00:36 69 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
2010-04-04 23:16 . 2009-06-15 00:43 41 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
2010-04-04 01:04 . 2006-02-15 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 03:32 . 2006-02-15 20:35 46824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-03 00:17 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 00:16 . 2010-04-03 00:16 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-04-03 00:16 . 2010-04-03 00:16 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-04-03 00:16 . 2010-04-03 00:16 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-04-03 00:16 . 2010-04-03 00:16 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-04-03 00:16 . 2010-04-03 00:16 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-04-03 00:16 . 2010-04-03 00:16 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-04-03 00:16 . 2010-04-03 00:16 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-04-03 00:16 . 2010-04-03 00:16 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-04-03 00:16 . 2010-04-03 00:16 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-04-01 01:08 . 2008-10-10 05:55 -------- d-----w- c:\program files\iTunes
2010-04-01 01:08 . 2006-06-11 14:04 -------- d-----w- c:\program files\iPod
2010-03-31 23:34 . 2006-02-15 20:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-31 23:33 . 2006-02-15 20:25 -------- d-----w- c:\program files\Common Files\HP
2010-03-31 23:14 . 2008-04-18 22:45 -------- d-----w- c:\program files\QuickTime
2010-03-31 23:11 . 2006-10-11 22:14 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 23:10 . 2009-09-30 21:39 -------- d-----w- c:\program files\Bonjour
2010-03-31 22:58 . 2009-06-22 22:23 -------- d-----w- c:\program files\Alwil Software
2010-03-31 22:21 . 2008-10-29 03:47 -------- d-----w- c:\program files\AIM
2010-03-30 21:02 . 2006-02-15 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-30 21:02 . 2006-02-15 21:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-30 08:37 . 2006-02-15 20:38 -------- d-----w- c:\program files\WildTangent
2010-03-30 01:38 . 2006-02-15 20:57 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-03-30 01:17 . 2010-03-30 01:17 1847 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER902AA-ABA a1450n_YC_0Pavi_QCNH608_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M2047_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#060611_N_Z11C10620_G10DE0640.MRK
2010-03-29 20:17 . 2010-03-11 07:55 -------- d-----w- c:\program files\D-Link
2010-03-28 19:28 . 2009-12-28 21:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2010-03-27 22:34 . 2006-09-10 00:34 23806 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2010-03-22 19:03 . 2010-03-03 00:29 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-03-13 03:58 . 2009-04-18 00:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hamachi
2010-03-13 02:54 . 2006-08-07 23:50 108025 ----a-w- c:\windows\War3Unin.dat
2010-03-10 04:27 . 2010-01-14 01:30 -------- d-----w- c:\program files\Heroes of Newerth
2010-03-01 22:03 . 2009-09-22 21:07 -------- d-----w- c:\program files\CCleaner
2010-03-01 21:30 . 2009-06-30 02:28 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-25 06:24 . 2004-08-10 04:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 05:32 . 2010-02-01 08:24 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 21:33 . 2010-01-13 21:33 139152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2010-01-13 21:33 . 2010-01-13 21:33 139152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2010 3:58 PM 162640]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 11:01 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 66632]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2010 3:58 PM 19024]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 6:30 AM 25208]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 6:30 AM 476528]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [8/17/2009 11:28 AM 93320]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp --> c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - ftsata2_2
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 02:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A3B6AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
\Driver\iaStor -> iaStor.sys @ 0xf7b1cb10
IoDeviceObjectType -> SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(296)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-04-10 03:02:38
ComboFix-quarantined-files.txt 2010-04-10 10:02
ComboFix2.txt 2010-04-09 23:36

Pre-Run: 34,099,933,184 bytes free
Post-Run: 34,061,537,280 bytes free

- - End Of File - - B6D0D6CC2FAF391C7410397EE1F674B8


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:30 AM

Posted 10 April 2010 - 08:55 AM

Hello,
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

After successfully disabling any drivers, please rerun Combofix.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#15 HelloJoe

HelloJoe
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:02:30 PM

Posted 10 April 2010 - 02:15 PM

Before Combofix runs the scan it tells me avast may interrupt because it is running. I can only disable it in regular mode; it says the same thing in safe mode, but it wouldn't even be running. I can't run Combofix in regular mode without the computer blue screening and then going into a loop of restarts. Well, here's the log:


ComboFix 10-04-07.04 - HP_Administrator 04/10/2010 11:56:27.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1690 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-09 05:04 . 2010-04-09 05:04 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\WMTools Downloaded Files
2010-04-07 22:00 . 2010-04-07 22:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-04-07 21:59 . 2010-04-07 21:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-07 21:02 . 2010-04-07 21:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 02:34 . 2010-04-07 02:34 -------- d-----w- C:\Linksys Driver
2010-04-06 22:49 . 2010-04-06 22:49 198656 --sha-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\174836237.dll
2010-04-06 22:45 . 2010-04-06 22:45 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\avG
2010-04-06 22:45 . 2010-04-06 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-06 04:32 . 2010-04-06 04:32 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AdobeUM
2010-04-05 04:30 . 2010-04-05 04:35 56 --sh--r- c:\windows\system32\ECA109CB8B.sys
2010-04-05 04:30 . 2010-04-05 04:35 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-04-05 03:53 . 2010-04-05 03:53 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
2010-04-05 03:53 . 2010-03-29 22:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 03:53 . 2010-04-05 03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 03:53 . 2010-03-29 22:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 03:52 . 2010-04-05 03:52 52224 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-05 01:49 . 2010-04-05 01:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-04 20:36 . 2010-04-04 20:36 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\PrivacIE
2010-04-04 20:25 . 2010-04-04 20:25 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-04-04 20:25 . 2010-04-04 20:25 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
2010-04-04 03:31 . 2010-04-04 03:31 -------- d-----w- c:\program files\Jagex Games Studio
2010-04-04 01:04 . 2010-04-04 01:04 503808 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4365ea3f-n\msvcp71.dll
2010-04-04 01:04 . 2010-04-04 01:04 499712 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4365ea3f-n\jmc.dll
2010-04-04 01:04 . 2010-04-04 01:04 348160 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4365ea3f-n\msvcr71.dll
2010-04-04 01:04 . 2010-04-04 01:04 61440 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63638b8c-n\decora-sse.dll
2010-04-04 01:04 . 2010-04-04 01:04 12800 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-63638b8c-n\decora-d3d.dll
2010-04-04 01:03 . 2010-04-04 01:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 23:57 . 2010-04-04 20:37 -------- d-----w- c:\windows\ie8updates
2010-04-03 23:55 . 2010-04-04 03:36 -------- dc-h--w- c:\windows\ie8
2010-04-03 23:54 . 2010-02-25 06:24 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-03 23:54 . 2010-02-25 06:24 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-03 23:54 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-03 23:54 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-03 23:54 . 2010-02-25 06:24 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-04-03 23:53 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-03 23:47 . 2010-04-03 23:47 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData
2010-04-03 20:21 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-04-02 22:01 . 2010-04-03 00:14 -------- d-----w- c:\windows\system32\scripting
2010-04-02 22:01 . 2010-04-03 00:14 -------- d-----w- c:\windows\system32\en
2010-04-02 22:01 . 2010-04-03 00:14 -------- d-----w- c:\windows\system32\bits
2010-04-02 21:56 . 2008-04-13 18:56 12288 ------w- c:\windows\system32\drivers\tunmp.sys
2010-04-02 21:56 . 2008-04-13 18:40 11904 ------w- c:\windows\system32\drivers\sffdisk.sys
2010-04-02 21:56 . 2008-04-13 18:40 11008 ------w- c:\windows\system32\drivers\sffp_sd.sys
2010-04-02 21:56 . 2008-04-13 18:36 15488 ------w- c:\windows\system32\drivers\mssmbios.sys
2010-04-02 21:56 . 2008-04-13 18:36 79232 ------w- c:\windows\system32\drivers\sdbus.sys
2010-04-02 21:56 . 2008-04-13 18:31 37760 ------w- c:\windows\system32\drivers\amdk7.sys
2010-04-02 21:56 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2010-04-02 21:56 . 2008-04-13 18:45 30208 ------w- c:\windows\system32\drivers\usbehci.sys
2010-04-02 21:56 . 2008-04-13 18:45 19200 ------w- c:\windows\system32\drivers\hidir.sys
2010-04-02 21:55 . 2008-04-13 17:39 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-04-02 21:55 . 2008-04-13 18:53 36608 ------w- c:\windows\system32\drivers\ip6fw.sys
2010-04-02 21:55 . 2009-10-20 16:20 265728 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-02 21:55 . 2008-04-14 00:12 409088 ------w- c:\windows\system32\qmgr.dll
2010-04-02 21:55 . 2008-04-13 18:32 129792 ------w- c:\windows\system32\drivers\fltmgr.sys
2010-04-02 21:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-04-02 21:55 . 2010-04-02 21:55 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HPQ
2010-04-01 01:50 . 2010-04-07 02:53 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\iConcertCal
2010-04-01 01:38 . 2010-04-01 01:39 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Adobe
2010-04-01 01:08 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-01 01:08 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-31 23:33 . 2010-04-09 05:15 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\vlc
2010-03-31 23:27 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-03-31 23:25 . 2006-11-06 22:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP8O.DLL
2010-03-31 23:25 . 2006-11-06 22:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD8O.DLL
2010-03-31 23:25 . 2006-11-06 22:00 198656 ----a-w- c:\windows\system32\CNMLM8O.DLL
2010-03-31 23:25 . 2010-03-31 23:25 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-03-31 23:22 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-03-31 23:22 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2010-03-31 23:21 . 2009-12-31 16:50 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-03-31 23:20 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-03-31 23:20 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-03-31 23:20 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-03-31 23:19 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-03-31 23:19 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-03-31 23:19 . 2009-12-04 18:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-31 23:18 . 2006-03-21 03:23 23040 ------w- c:\windows\kb913800.exe
2010-03-31 23:18 . 2010-04-02 03:34 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Apple Computer
2010-03-31 23:16 . 2010-03-31 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-03-31 23:14 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-03-31 23:14 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-03-31 23:14 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-03-31 23:14 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-03-31 23:14 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-03-31 23:14 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-31 23:14 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-03-31 23:14 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-31 23:14 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-03-31 23:14 . 2009-12-08 19:27 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-31 23:14 . 2009-12-08 19:26 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-31 23:14 . 2009-12-08 18:43 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-31 23:12 . 2010-03-31 23:12 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Apple
2010-03-31 23:11 . 2009-10-16 09:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-03-31 23:11 . 2009-10-16 09:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-31 23:11 . 2010-04-01 01:08 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-31 23:08 . 2010-03-31 23:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Apple Computer
2010-03-31 23:08 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-03-31 23:07 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-03-31 22:58 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-31 22:58 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-31 22:58 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-31 22:58 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-31 22:58 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-31 22:58 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-31 22:58 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-31 22:58 . 2010-03-09 11:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-31 22:58 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-31 22:58 . 2010-03-31 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-31 22:56 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-03-31 22:21 . 2010-03-31 22:21 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Aim
2010-03-31 22:10 . 2010-03-31 22:10 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Mozilla
2010-03-31 21:57 . 2003-10-13 23:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2010-03-31 21:57 . 2005-10-27 23:06 356096 ----a-w- c:\windows\system32\drivers\rt61.sys
2010-03-31 21:57 . 2003-09-26 06:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2010-03-31 21:57 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2010-03-31 21:57 . 2005-02-02 01:18 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2010-03-31 21:57 . 2005-02-02 01:18 17992 ----a-w- c:\windows\bcm42rly.sys
2010-03-31 08:43 . 2010-03-31 08:43 -------- d-----w- C:\TWWUSB_TEMP
2010-03-31 08:35 . 2010-03-31 08:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GarageGames
2010-03-31 08:35 . 2010-04-07 02:52 -------- d-----w- c:\documents and settings\HP_Administrator
2010-03-31 08:18 . 2010-03-31 08:18 -------- d-----w- c:\windows\system32\AGEIA
2010-03-31 08:16 . 2009-08-13 23:50 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-30 21:34 . 2010-03-30 21:34 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Hamachi
2010-03-30 04:11 . 2010-03-30 04:11 -------- d-----w- c:\program files\R-Studio
2010-03-30 02:25 . 2010-03-30 02:25 -------- d-----w- c:\program files\Recuva
2010-03-30 02:20 . 2010-03-30 02:20 552 ----a-w- c:\windows\system32\d3d8caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 18:34 . 2010-04-05 18:37 1192123 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-10 08:02 . 2010-04-02 21:54 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-09 04:58 . 2010-03-30 01:28 1524 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat
2010-04-08 21:06 . 2010-04-02 21:54 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-04-08 19:29 . 2009-06-30 02:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-07 02:36 . 2006-02-15 20:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 23:29 . 2010-04-06 23:29 111597 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_06_16_10_44_small.dmp.zip
2010-04-06 23:10 . 2010-04-06 23:24 1609216 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-04-06 22:43 . 2010-04-06 22:44 1606144 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-06 05:47 . 2006-08-07 23:27 -------- d-----w- c:\program files\Warcraft III
2010-04-06 02:40 . 2010-01-19 20:05 -------- d-----w- c:\program files\Garena
2010-04-05 07:09 . 2010-04-05 07:09 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\CheckPoint
2010-04-05 07:09 . 2010-04-05 07:09 -------- d-----w- c:\program files\CheckPoint
2010-04-05 07:09 . 2010-04-05 07:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-04-05 07:09 . 2010-04-05 07:09 -------- d-----w- c:\program files\Zone Labs
2010-04-05 04:20 . 2009-08-17 18:28 -------- d-----w- c:\program files\McAfee
2010-04-04 23:20 . 2009-09-03 00:36 69 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences2.dat
2010-04-04 23:16 . 2009-06-15 00:43 41 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\jagex_runescape_preferences.dat
2010-04-04 01:04 . 2006-02-15 20:06 -------- d-----w- c:\program files\Common Files\Java
2010-04-03 03:32 . 2006-02-15 20:35 46824 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-03 00:17 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 00:16 . 2010-04-03 00:16 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-04-03 00:16 . 2010-04-03 00:16 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2010-04-03 00:16 . 2010-04-03 00:16 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-04-03 00:16 . 2010-04-03 00:16 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2010-04-03 00:16 . 2010-04-03 00:16 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2010-04-03 00:16 . 2010-04-03 00:16 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2010-04-03 00:16 . 2010-04-03 00:16 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2010-04-03 00:16 . 2010-04-03 00:16 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2010-04-03 00:16 . 2010-04-03 00:16 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2010-04-01 01:08 . 2008-10-10 05:55 -------- d-----w- c:\program files\iTunes
2010-04-01 01:08 . 2006-06-11 14:04 -------- d-----w- c:\program files\iPod
2010-03-31 23:34 . 2006-02-15 20:29 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-03-31 23:33 . 2006-02-15 20:25 -------- d-----w- c:\program files\Common Files\HP
2010-03-31 23:14 . 2008-04-18 22:45 -------- d-----w- c:\program files\QuickTime
2010-03-31 23:11 . 2006-10-11 22:14 -------- d-----w- c:\program files\Apple Software Update
2010-03-31 23:10 . 2009-09-30 21:39 -------- d-----w- c:\program files\Bonjour
2010-03-31 22:58 . 2009-06-22 22:23 -------- d-----w- c:\program files\Alwil Software
2010-03-31 22:21 . 2008-10-29 03:47 -------- d-----w- c:\program files\AIM
2010-03-30 21:02 . 2006-02-15 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-30 21:02 . 2006-02-15 21:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-30 08:37 . 2006-02-15 20:38 -------- d-----w- c:\program files\WildTangent
2010-03-30 01:38 . 2006-02-15 20:57 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2010-03-30 01:17 . 2010-03-30 01:17 1847 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER902AA-ABA a1450n_YC_0Pavi_QCNH608_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.02_B3.11_T060919_WXP2_L409_M2047_J250_7AMD_8Athlon 64 X2 Dual Core_92.2_#060611_N_Z11C10620_G10DE0640.MRK
2010-03-29 20:17 . 2010-03-11 07:55 -------- d-----w- c:\program files\D-Link
2010-03-28 19:28 . 2009-12-28 21:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2010-03-27 22:34 . 2006-09-10 00:34 23806 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2010-03-22 19:03 . 2010-03-03 00:29 439816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup3.10\setup.exe
2010-03-13 03:58 . 2009-04-18 00:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hamachi
2010-03-13 02:54 . 2006-08-07 23:50 108025 ----a-w- c:\windows\War3Unin.dat
2010-03-10 04:27 . 2010-01-14 01:30 -------- d-----w- c:\program files\Heroes of Newerth
2010-03-01 22:03 . 2009-09-22 21:07 -------- d-----w- c:\program files\CCleaner
2010-03-01 21:30 . 2009-06-30 02:28 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-25 06:24 . 2004-08-10 04:00 916480 ------w- c:\windows\system32\wininet.dll
2010-02-12 18:46 . 2010-02-12 18:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 18:46 . 2010-02-12 18:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 05:32 . 2010-02-01 08:24 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-13 21:33 . 2010-01-13 21:33 139152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2010-01-13 21:33 . 2010-01-13 21:33 139152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-06 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-06 13877248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2010 3:58 PM 162640]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [6/23/2009 11:01 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 66632]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2010 3:58 PM 19024]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 6:30 AM 25208]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 6:30 AM 476528]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [8/17/2009 11:28 AM 93320]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp --> c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - ftsata2_2
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 12:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A34CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74a0852
\Driver\iaStor -> iaStor.sys @ 0xf7b1cb10
IoDeviceObjectType -> SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(276)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-04-10 12:11:55
ComboFix-quarantined-files.txt 2010-04-10 19:11
ComboFix2.txt 2010-04-10 10:02
ComboFix3.txt 2010-04-09 23:36

Pre-Run: 34,238,558,208 bytes free
Post-Run: 34,199,248,896 bytes free

- - End Of File - - 632A1E7FCB117794A31C9C2C5912AC68
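The log above carries the entries a responder looks at first: the Run keys, the Security Center override flags, the firewall policy, and the service/driver list with its image paths (one of which resolves into a user Temp directory and is marked `[?]` because the file could not be stat'ed). The script below is an added example, not part of this post and not ComboFix's own code, that parses those line shapes and reports the usual triage leads. The regular expressions are inferred from the line layouts visible in the log, and `SAMPLE_LOG` is a constructed excerpt copied from it; the rest of the log is omitted.

```python
"""Triage helper for the autostart, Security Center, firewall-policy and
service/driver lines of a ComboFix log.

Added example: not part of the forum post and not ComboFix's own code.
The line formats are inferred from the log above; SAMPLE_LOG is a
constructed excerpt copied from that log.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\d17c7ed6-a8f4-498b-b26d-0432dd093a1f.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2010 3:58 PM 162640]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 6:30 AM 25208]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp --> c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\BOTA6.tmp [?]
"""

# Line shapes as they appear in the log: "[key]", "name"=data, and
# "<start type> name;display name;image path [timestamp size]".
KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')
TEMP_RE = re.compile(r'\\temp\\', re.I)


def parse_services(log: str) -> List[Dict[str, object]]:
    """Return one record per S?/R? service line with its cleaned image path."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group('rest')
        # ComboFix appends " --> <resolved path>" for \??\ image paths and
        # "[?]" when it could not stat the file.
        unresolved = rest.rstrip().endswith('[?]')
        path = rest.split(' -->')[0]
        path = re.sub(r'\s+\[[^\]]*\]\s*$', '', path).strip()
        if path.startswith('\\??\\'):
            path = path[4:]
        services.append({'start': m.group('start'), 'name': m.group('name'),
                         'display': m.group('display'), 'path': path,
                         'unresolved': unresolved})
    return services


def parse_reg_values(log: str) -> Dict[Tuple[str, str], str]:
    """Map (lower-cased key, value name) -> raw data for every "name"=data line."""
    values: Dict[Tuple[str, str], str] = {}
    key = None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group('key').lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            values[(key, vm.group('name'))] = vm.group('data').strip()
    return values


def _as_int(data: str):
    """Decode "dword:00000001" or "0 (0x0)" style data; None if neither."""
    m = re.match(r'dword:([0-9a-f]{8})', data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)', data)
    return int(m.group(1)) if m else None


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, message) leads. A hit is a lead, not a verdict:
    game platforms and anti-cheat loaders are known to drop drivers into
    Temp, so confirm the publisher and hash before acting on one."""
    findings: List[Tuple[str, str]] = []
    for svc in parse_services(log):
        path = str(svc['path'])
        reasons = []
        if TEMP_RE.search(path):
            reasons.append('binary lives under a Temp directory')
        if path.lower().endswith('.tmp'):
            reasons.append('binary has a .tmp extension')
        if svc['unresolved']:
            reasons.append('ComboFix could not stat the file ([?])')
        if reasons:
            findings.append(('service', f"{svc['start']} {svc['name']}: {path} ({'; '.join(reasons)})"))
    values = parse_reg_values(log)
    for (key, name), data in values.items():
        if key.endswith('\\run') and TEMP_RE.search(data):
            findings.append(('run-key', f'{name}: autostart from a Temp directory ({data})'))
    sc = 'hkey_local_machine\\software\\microsoft\\security center'
    for name in ('AntiVirusOverride', 'FirewallOverride'):
        if _as_int(values.get((sc, name), '')) == 1:
            findings.append(('security-center', f'{name}=1: Security Center alerts for this component are suppressed'))
    fw = 'hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile'
    if _as_int(values.get((fw, 'EnableFirewall'), '')) == 0:
        findings.append(('firewall', 'Windows Firewall is off for the standard profile '
                         '(expected when a third-party firewall such as ZoneAlarm is installed; verify one is running)'))
    return findings


if __name__ == '__main__':
    for category, message in triage(SAMPLE_LOG):
        print(f'[{category}] {message}')
```

On the excerpt above the script reports four leads: the `S3` driver whose image path sits under the user's Temp directory with a `.tmp` name and a `[?]` marker, the two Security Center override flags, and the disabled standard-profile firewall policy. The avast and ZoneAlarm drivers pass, and the Run entry is not flagged because its path is under Program Files. Treat the output as a checklist of what to verify (publisher, file hash, whether a third-party firewall is actually active), not as a detection.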




