
Unknown Malware


  • This topic is locked
53 replies to this topic

#1 edeekremer (Members, 45 posts)

Posted 25 October 2010 - 08:11 AM

Hello, this is the DDS and GMER log from my computer. Malware is showing nothing and I am still getting the popups. Thanks for all the help.

gmer log

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-25 06:03:04
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pfdciuow.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 858F6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 858F6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 858F6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 858F6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 858F6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 858F6292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP5T1L0-14 858F6292

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskHDT722516DLA380_________________________V43OA80A#5&21c8b376&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----


dds log


DDS (Ver_10-10-21.02) - NTFSx86
Run by HP_Administrator at 6:04:58.28 on Mon 10/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.271 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\ddsk1.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ktvz.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Consumer
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287622308500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\ihrszu8y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ktvz.com/
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-10-22 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-10-22 59664]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-24 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-24 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-24 60936]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-3-4 185960]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-3-4 239264]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-3-4 177768]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-3-24 127088]
R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-2-4 53896]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20051003.006\NAVENG.Sys [2005-12-8 77816]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20051003.006\NavEx15.Sys [2005-12-8 665816]
R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-2-4 324232]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2005-3-4 83560]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-20 38224]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\128.tmp --> c:\windows\system32\128.tmp [?]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-2-17 198368]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-10-22 33552]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]

=============== Created Last 30 ================

2010-10-25 00:07:26 -------- d-sha-r- C:\cmdcons
2010-10-24 17:40:03 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Avira
2010-10-24 17:37:11 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-24 17:37:08 -------- d-----w- c:\program files\Avira
2010-10-24 17:37:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-10-24 17:31:15 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Adobe
2010-10-24 12:37:47 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-10-24 12:37:47 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-10-24 12:37:46 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2010-10-23 04:36:12 -------- d-----w- c:\windows\system32\appmgmt
2010-10-22 21:31:35 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-10-22 21:31:35 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-10-22 21:31:34 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-10-22 21:27:24 -------- d-----w- c:\program files\Spyware Doctor
2010-10-22 21:24:52 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\GetRightToGo
2010-10-22 18:03:28 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG
2010-10-22 13:44:52 24960 ----a-r- c:\windows\system32\drivers\ATWPKT2.SYS
2010-10-22 13:44:45 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-10-21 15:05:27 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\AVG10
2010-10-21 14:59:11 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-21 14:56:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-21 14:55:19 -------- d-----w- c:\program files\AVG
2010-10-21 14:48:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-21 04:19:18 -------- d-----w- c:\program files\Sophos
2010-10-21 03:56:25 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2010-10-21 03:56:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 03:56:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-21 03:56:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-21 03:56:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 03:34:03 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Help
2010-10-21 02:16:56 -------- d-sh--w- c:\documents and settings\hp_administrator\IECompatCache
2010-10-21 02:16:26 -------- d-sh--w- c:\documents and settings\hp_administrator\PrivacIE
2010-10-21 02:13:16 -------- d-sh--w- c:\documents and settings\hp_administrator\IETldCache
2010-10-21 01:15:22 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Mozilla
2010-10-21 01:04:08 110080 ----a-r- c:\docume~1\hp_adm~1\applic~1\microsoft\installer\{f545f05e-5cd5-4fc9-b02b-94affb74b678}\IconF7A21AF7.exe
2010-10-21 01:04:08 110080 ----a-r- c:\docume~1\hp_adm~1\applic~1\microsoft\installer\{f545f05e-5cd5-4fc9-b02b-94affb74b678}\IconD7F16134.exe
2010-10-21 01:04:04 -------- d-----w- C:\sh4ldr
2010-10-21 01:04:04 -------- d-----w- c:\program files\Enigma Software Group
2010-10-21 01:03:41 -------- d-----w- c:\windows\F545F05E5CD54FC9B02B94AFFB74B678.TMP
2010-10-21 00:50:31 -------- d-sh--w- c:\documents and settings\hp_administrator\UserData
2010-10-21 00:31:55 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-10-21 00:31:51 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-21 00:31:44 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-21 00:31:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-21 00:31:37 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-21 00:31:37 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-21 00:31:35 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-21 00:31:25 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-21 00:31:22 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-10-21 00:00:30 -------- d-----w- c:\program files\SymNetDrv
2010-10-20 23:51:24 -------- d-----w- c:\windows\setupupd
2010-10-20 22:48:13 -------- d-sh--r- c:\windows\system32\dllcache
2010-10-20 16:30:58 0 ----a-w- c:\windows\Tlegacirojikeh.bin
2010-10-20 16:28:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\WSTB

==================== Find3M ====================


============= FINISH: 6:07:04.67 ===============
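The SERVICES / DRIVERS block above is the part of a DDS log a malware-response helper reads first: the entries whose image DDS could not find on disk (printed with `-->` and `[?]`), and images that live somewhere a driver normally would not. The following Python is an added triage helper written for this thread; it is not code from DDS, OTL, GMER or BleepingComputer. The sample lines are copied from the DDS logs posted in this thread; the list of expected path roots and the executable-extension list are assumptions chosen for the illustration.

```python
"""Triage the SERVICES / DRIVERS block of a DDS log.

Added example for this thread, not code from DDS, OTL or GMER. The sample
lines are copied from the DDS logs posted in the thread; EXPECTED_ROOTS and
EXECUTABLE_EXT are assumptions made for this illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One DDS line: "<R|S><start type> <name>;<display>;<image> [<date> <size>]".
# When DDS cannot find the file it prints "<raw path> --> <resolved path> [?]".
ENTRY_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<body>.*?)\s+\[(?P<tail>[^\]]*)\]$")
# The image path ends at the first ".ext" followed by whitespace or end of line,
# so "tfservice.exe service" splits into a path and its arguments.
IMAGE_RE = re.compile(r"^(?P<path>.+?\.[a-z0-9]{2,4})(?:\s+(?P<args>.*))?$", re.I)

# Constructed sample: lines copied from the DDS logs in this thread.
SAMPLE_DDS_SERVICES = r"""
============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-10-22 51984]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2010-9-21 327000]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\128.tmp --> c:\windows\system32\128.tmp [?]
S3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
"""

# Assumption: on this XP box a service image is expected under one of these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Assumption: a service or driver image should carry one of these extensions.
EXECUTABLE_EXT = (".exe", ".sys", ".dll")


@dataclass
class ServiceEntry:
    state: str            # R0..R3 running, S0..S4 stopped (DDS notation)
    name: str
    display: str
    image: str            # resolved path (text after "-->" when DDS printed one)
    args: str             # command-line arguments after the image, if any
    file_found: bool      # False when DDS printed "[?]"
    stamp: Optional[str]  # "<date> <size>" when the file was found


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Parse every service/driver line; non-matching lines (headers, blanks) are skipped."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        t = TAIL_RE.match(m.group("rest"))
        if not t:
            continue
        body, tail = t.group("body"), t.group("tail")
        if " --> " in body:                      # keep the path DDS resolved to
            body = body.split(" --> ", 1)[1]
        im = IMAGE_RE.match(body)
        if not im:
            continue
        entries.append(ServiceEntry(
            state=m.group("state"), name=m.group("name"), display=m.group("display"),
            image=im.group("path"), args=im.group("args") or "",
            file_found=(tail != "?"), stamp=None if tail == "?" else tail))
    return entries


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, image, reasons) for entries worth a second look.

    These are leads, not verdicts: a "[?]" is usually a registry entry left
    behind by an uninstalled product, and legitimate rootkit scanners also
    register drivers with odd names and locations.
    """
    findings = []
    for e in entries:
        reasons = []
        image = e.image.lower()
        if not e.file_found:
            reasons.append("image not found on disk ([?])")
        if not image.endswith(EXECUTABLE_EXT):
            reasons.append("image has a non-executable extension")
        if not image.startswith(EXPECTED_ROOTS):
            reasons.append("image outside the expected roots")
        if reasons:
            findings.append((e.name, e.image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in triage(parse_dds_services(SAMPLE_DDS_SERVICES)):
        print(f"{name}: {image}\n    " + "\n    ".join(reasons))
```

On the sample the three `[?]` entries are flagged, and MEMSWEEP2 is flagged twice because its image is a `.tmp` file. None of those is evidence of the poster's infection: MEMSWEEP2 is the driver name Sophos Anti-Rootkit registers (c:\program files\Sophos appears in the Created Last 30 list), ThreatFire and Panda were installed and removed during the same week, and GMER itself loads its driver from the user's Temp directory (see the `Driver:` line at the top of the GMER log). A flag from a script like this tells you which lines to check against the Created Last 30 list and the vendor, not which lines to delete.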

#2 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 02 November 2010 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 edeekremer (Topic Starter, Members, 45 posts)

Posted 04 November 2010 - 09:44 PM

Good evening

Yes, I have resolved the major problems I was having, those being ThinkPoint and ad pop-ups. I am still getting hijacking alerts when I run IE but not when I run Firefox. I will create new logs and post them this evening. If you could review them and tell me what I need to do next to make sure my system is clean, I would greatly appreciate it.
Thank you, Elmer

#4 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 05 November 2010 - 07:11 AM

Will do, I'll keep an eye out for the logs.



#5 edeekremer (Topic Starter, Members, 45 posts)

Posted 05 November 2010 - 08:34 AM

OK, here are the OTL and DDS logs. When I ran GMER it locked up and did not finish. Also, I have gotten about 5 critical errors and restarts in the last week.


DDS (Ver_10-11-03.01) - NTFSx86
Run by HP_Administrator at 20:59:01.44 on Thu 11/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.406 [GMT -7:00]

AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Internet Security 2011 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
svchost.exe
svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP Wireless Keyboard\KMaestro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
mRun: [AlwaysReady Power Message APP] "ARPWRMSG.EXE"
mRun: [HPHUPD08] "c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe"
mRun: [DiscUpdateManager] "c:\program files\disc\DiscUpdateMgr.exe"
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPwuSchd2.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg10\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2011\Inicio.exe"
mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avldr - avldr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-11-2 125304]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-31 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-11-1 76296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-11-1 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-11-1 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-11-1 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-11-1 159112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-11-1 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-11-1 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-11-1 59080]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2011\PsCtrlS.exe [2010-11-1 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2011\PavFnSvr.exe [2010-11-1 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-11-1 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-11-1 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2011\pavsrvx86.exe [2010-11-1 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2011\psksvc.exe [2010-11-1 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-11-1 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [2010-11-1 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-10-11 6104656]

=============== Created Last 30 ================

2010-11-04 22:45:20 -------- d-----w- c:\program files\LSI SoftModem
2010-11-04 16:49:55 -------- d-----w- c:\docume~1\hp_adm~1.000\applic~1\SUPERAntiSpyware.com
2010-11-04 13:28:33 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-04 12:04:29 -------- d-----w- c:\docume~1\hp_adm~1.000\locals~1\applic~1\Adobe
2010-11-03 22:13:55 -------- d-----w- C:\TDSSKiller_Quarantine
2010-11-02 21:15:17 125304 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-11-02 13:25:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 13:25:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-01 23:34:55 13312 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-11-01 21:17:32 -------- d-----w- c:\windows\system32\scripting
2010-11-01 21:17:30 -------- d-----w- c:\windows\system32\en
2010-11-01 21:17:30 -------- d-----w- c:\windows\system32\bits
2010-11-01 21:11:28 33656 ----a-w- c:\windows\system32\sprecovr.exe
2010-11-01 21:02:59 788992 ----a-w- c:\windows\system32\dllcache\sprb0407.dll
2010-11-01 21:01:59 8704 ----a-w- c:\windows\system32\dllcache\batt.dll
2010-11-01 21:00:59 96768 ----a-w- c:\windows\system32\psbase.dll
2010-11-01 15:17:24 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-11-01 15:15:24 -------- d-----w- c:\docume~1\hp_adm~1.000\locals~1\applic~1\Panda Security
2010-11-01 15:10:59 226828 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-11-01 15:10:53 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-11-01 15:10:52 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-11-01 15:10:52 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-11-01 15:10:34 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-11-01 15:10:34 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-11-01 15:10:34 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-11-01 15:10:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Backup
2010-11-01 15:09:54 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-11-01 15:09:41 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-11-01 15:09:28 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-11-01 15:09:27 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-11-01 15:09:27 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-11-01 15:09:27 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-11-01 15:09:26 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-11-01 15:09:14 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-11-01 15:09:02 55552 ----a-w- c:\windows\system32\avldr.dll
2010-11-01 15:09:01 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-11-01 15:09:00 -------- d-----w- c:\windows\system32\PAV
2010-11-01 15:08:57 -------- d-----w- c:\docume~1\hp_adm~1.000\applic~1\Panda Security
2010-11-01 15:07:42 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-11-01 15:07:41 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-11-01 15:07:41 -------- d-----w- c:\program files\common files\Panda Security
2010-11-01 15:05:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-11-01 14:43:51 -------- d-----w- c:\windows\system32\appmgmt
2010-11-01 13:25:28 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2010-11-01 13:25:28 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2010-11-01 13:25:28 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2010-11-01 13:25:28 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2010-11-01 13:25:28 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2010-11-01 13:25:25 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2010-11-01 13:25:24 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2010-11-01 13:12:42 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-11-01 13:12:42 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-11-01 13:12:42 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-11-01 13:12:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-01 13:12:40 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-01 13:12:39 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-11-01 13:12:37 11080192 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-10-31 22:43:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 22:43:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 22:43:17 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-31 19:17:08 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2010-10-31 18:24:53 -------- d-----w- c:\windows\system32\PreInstall
2010-10-31 17:49:41 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-31 15:00:54 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-10-30 05:16:08 -------- d-----w- c:\docume~1\hp_adm~1.000\locals~1\applic~1\PackageAware
2010-10-29 15:33:28 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-10-29 15:31:03 -------- d-----w- C:\27a50a063a0423267713549d013703d4
2010-10-29 15:12:13 -------- d-sh--w- c:\documents and settings\hp_administrator.your-4dacd0ea75.000\UserData
2010-10-28 22:49:18 -------- d--h--w- C:\$AVG
2010-10-28 22:14:16 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-28 21:05:27 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-28 21:05:26 -------- d-----w- c:\program files\Prevx
2010-10-28 21:05:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2010-10-28 21:01:13 -------- d-----w- c:\program files\SpywareBlaster
2010-10-28 16:23:12 -------- d-sh--r- C:\cmdcons
2010-10-28 16:22:59 -------- d-----w- c:\windows\setupupd
2010-10-28 16:22:23 -------- d-----w- c:\docume~1\hp_adm~1.000\locals~1\applic~1\Mozilla
2010-10-28 16:18:59 -------- d-sh--w- c:\documents and settings\hp_administrator.your-4dacd0ea75.000\PrivacIE
2010-10-28 16:18:59 -------- d-----w- c:\documents and settings\hp_administrator.your-4dacd0ea75.000\WINDOWS
2010-10-28 16:18:59 -------- d-----w- c:\docume~1\hp_adm~1.000\locals~1\applic~1\Microsoft
2010-10-28 16:18:59 -------- d-----w- c:\docume~1\hp_adm~1.000\locals~1\applic~1\{3248F0A6-6813-11D6-A77B-00B0D0150050}
2010-10-28 16:04:58 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-28 14:30:07 -------- d-sh--r- c:\windows\system32\dllcache
2010-10-27 11:49:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Update
2010-10-26 02:06:06 -------- d-----w- c:\program files\Panda Security
2010-10-26 02:06:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-10-25 19:52:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-25 19:52:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-24 12:37:47 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-10-24 12:37:47 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-10-24 12:37:46 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2010-10-22 21:27:24 -------- d-----w- c:\program files\Spyware Doctor
2010-10-21 14:59:11 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-10-21 14:56:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-10-21 14:55:19 -------- d-----w- c:\program files\AVG
2010-10-21 14:48:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-10-21 04:19:18 -------- d-----w- c:\program files\Sophos
2010-10-21 03:56:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-21 03:56:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 01:04:04 -------- d-----w- c:\program files\Enigma Software Group
2010-10-21 00:00:30 -------- d-----w- c:\program files\SymNetDrv
2010-10-20 16:30:58 0 ----a-w- c:\windows\Tlegacirojikeh.bin
2010-10-20 16:28:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\WSTB

==================== Find3M ====================

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 21:02:05.45 ===============

OTL logfile created on: 11/4/2010 7:55:49 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 219.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 67.83 Gb Free Space | 48.27% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.13 Gb Free Space | 13.28% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 19:46:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\OTL.exe
PRC - [2010/10/31 11:06:22 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/31 11:06:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/29 01:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/13 01:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/26 03:52:15 | 000,988,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
PRC - [2010/08/16 05:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\psksvc.exe
PRC - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
PRC - [2010/05/28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\WebProxy.exe
PRC - [2010/02/23 12:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
PRC - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2011\FIREWALL\PSHost.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrlS.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/06/27 13:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\SrvLoad.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2005/09/27 00:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/08/03 00:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/21 13:53:24 | 000,245,760 | ---- | M] (BTC) -- C:\Program Files\HP Wireless Keyboard\Kmaestro.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 19:46:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\OTL.exe
MOD - [2009/08/10 13:45:54 | 000,095,488 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavOEpl.dll
MOD - [2009/03/30 18:22:58 | 000,518,400 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2007/02/08 10:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2004/08/10 12:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/06/15 15:32:12 | 000,018,476 | ---- | M] (BTC) -- C:\Program Files\HP Wireless Keyboard\HidKeybd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\qagentrt.dll -- (napagent)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\kmsvc.dll -- (hkmsvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (Dot3svc)
SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/29 01:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe -- (TPSrv)
SRV - [2010/09/13 01:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/16 05:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 20:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2010/11/04 15:50:55 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2010/11/02 14:24:18 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 13:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 19:31:20 | 000,199,688 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1642.sys -- (NETIMFLT01060042)
DRV - [2010/02/18 19:31:18 | 000,076,296 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/27 12:07:42 | 000,037,896 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2009/09/25 14:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 14:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 14:54:04 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/09/25 14:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 14:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/09/14 16:18:22 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/09 05:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/10/18 13:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/04 00:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 14:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/01/08 01:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/28 15:14:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 11:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 15:43:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2005/12/08 15:39:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/10/28 09:24:35 | 000,000,000 | ---D | M]

[2010/10/28 09:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Mozilla\Extensions
[2010/10/28 09:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Mozilla\Firefox\Profiles\ieiyz0x4.default\extensions
[2010/11/04 13:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/31 15:43:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/31 15:42:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/20 08:33:42 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP Wireless Keyboard\KMaestro.exe (BTC)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.160.6 216.228.160.7 216.228.160.8 216.228.160.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/08 15:54:44 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: napagent - C:\WINDOWS\System32\qagentrt.dll File not found
NetSvcs: hkmsvc - C:\WINDOWS\System32\kmsvc.dll File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe - (Hewlett-Packard)
MsConfig - StartUpReg: ccApp - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\ccApp.exe File not found
MsConfig - StartUpReg: DISCover - hkey= - key= - C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
MsConfig - StartUpReg: SSC_UserPrompt - hkey= - key= - c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe File not found
MsConfig - StartUpReg: URLLSTCK.exe - hkey= - key= - c:\Program Files\Norton Internet Security\UrlLstCk.exe File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70100879952314368)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/04 19:46:30 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\OTL.exe
[2010/11/04 15:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/11/04 09:49:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\SUPERAntiSpyware.com
[2010/11/04 06:28:33 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/11/04 05:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Adobe
[2010/11/03 15:13:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/11/02 14:15:17 | 000,125,304 | ---- | C] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010/11/02 06:25:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/02 06:25:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/01 14:17:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/11/01 14:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/01 14:17:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/01 14:17:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/11/01 14:03:03 | 000,736,768 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\sprb0419.dll
[2010/11/01 14:03:03 | 000,427,008 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\obrb0419.dll
[2010/11/01 14:03:03 | 000,192,512 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\spra0419.dll
[2010/11/01 14:02:19 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/11/01 14:02:19 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/11/01 13:25:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Recent
[2010/11/01 08:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Panda Security
[2010/11/01 08:10:53 | 000,046,856 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys
[2010/11/01 08:10:52 | 000,193,800 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2010/11/01 08:10:52 | 000,053,256 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys
[2010/11/01 08:10:34 | 000,159,112 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2010/11/01 08:10:34 | 000,076,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS
[2010/11/01 08:10:34 | 000,022,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys
[2010/11/01 08:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Backup
[2010/11/01 08:09:54 | 000,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2010/11/01 08:09:41 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2010/11/01 08:09:28 | 000,193,792 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
[2010/11/01 08:09:27 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2010/11/01 08:09:27 | 000,087,296 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
[2010/11/01 08:09:27 | 000,055,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
[2010/11/01 08:09:26 | 000,518,400 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
[2010/11/01 08:09:14 | 000,199,688 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1642.sys
[2010/11/01 08:09:02 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\WINDOWS\System32\avldr.dll
[2010/11/01 08:09:01 | 000,059,080 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\amm8651.sys
[2010/11/01 08:09:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2010/11/01 08:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Panda Security
[2010/11/01 08:07:42 | 000,037,896 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2010/11/01 08:07:41 | 000,163,336 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2010/11/01 08:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2010/11/01 08:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/11/01 07:43:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/10/31 15:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/31 15:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Sun
[2010/10/31 11:24:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/10/31 10:49:41 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/10/31 08:00:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/10/29 22:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/10/29 22:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\PackageAware
[2010/10/29 08:33:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/10/29 08:31:03 | 000,000,000 | ---D | C] -- C:\27a50a063a0423267713549d013703d4
[2010/10/29 08:12:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\UserData
[2010/10/28 15:49:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/10/28 15:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/10/28 15:14:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/10/28 14:05:27 | 000,076,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/10/28 14:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/10/28 14:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/10/28 14:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/10/28 09:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\Downloads
[2010/10/28 09:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Macromedia
[2010/10/28 09:24:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Adobe
[2010/10/28 09:23:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/28 09:22:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010/10/28 09:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Mozilla
[2010/10/28 09:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Mozilla
[2010/10/28 09:19:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft
[2010/10/28 09:19:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data
[2010/10/28 09:19:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Favorites
[2010/10/28 09:19:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\IETldCache
[2010/10/28 09:19:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Cookies
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Symantec
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Real
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Malwarebytes
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Intuit
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Identities
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Google
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Digital Interactive Systems Corporation
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\AVG10
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\ApplicationHistory
[2010/10/28 09:19:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\AOL
[2010/10/28 09:18:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\SendTo
[2010/10/28 09:18:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Start Menu
[2010/10/28 09:18:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\My Videos
[2010/10/28 09:18:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\My Pictures
[2010/10/28 09:18:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\My Music
[2010/10/28 09:18:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents
[2010/10/28 09:18:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\PrivacIE
[2010/10/28 09:18:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Templates
[2010/10/28 09:18:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\PrintHood
[2010/10/28 09:18:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\NetHood
[2010/10/28 09:18:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings
[2010/10/28 09:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\WINDOWS
[2010/10/28 09:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Microsoft
[2010/10/28 09:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2010/10/28 07:30:07 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/10/27 04:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/10/25 19:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/25 19:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/10/25 12:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/25 12:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/10/24 16:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/10/22 14:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/10/21 07:59:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/21 07:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/21 07:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/10/21 07:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/20 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/10/20 20:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/20 20:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/20 18:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/10/20 17:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\SymNetDrv
[2010/10/20 09:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2010/10/20 07:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2010/11/04 20:04:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E0DCC59F-35AE-42BA-B0ED-820E395F136E}.job
[2010/11/04 19:51:02 | 000,295,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\mtntzl0k.exe
[2010/11/04 19:47:51 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\Defogger.exe
[2010/11/04 19:46:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\OTL.exe
[2010/11/04 19:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/04 18:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/04 18:12:20 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job
[2010/11/04 18:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/11/04 17:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/04 17:13:53 | 098,428,925 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/04 16:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/04 15:56:44 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/11/04 15:51:23 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2010/11/04 15:51:23 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2010/11/04 15:51:23 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2010/11/04 15:51:23 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2010/11/04 15:51:22 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010/11/04 15:51:22 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/11/04 15:51:22 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2010/11/04 15:51:22 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2010/11/04 15:51:22 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2010/11/04 15:51:22 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2010/11/04 15:51:22 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2010/11/04 15:51:22 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2010/11/04 15:51:20 | 000,418,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2010/11/04 15:51:20 | 000,418,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2010/11/04 15:50:55 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/11/04 15:49:31 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2010/11/04 15:49:31 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2010/11/04 15:49:29 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2010/11/04 15:49:29 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2010/11/04 15:47:39 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\Registry Reviver-HP_Administrator-Startup.job
[2010/11/04 15:47:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/04 15:47:15 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/04 15:41:37 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/04 15:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/04 14:39:15 | 000,000,574 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2010/11/04 14:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/04 13:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/04 12:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/04 11:43:23 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010/11/04 11:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/04 10:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/04 09:50:09 | 000,226,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/11/04 09:50:09 | 000,226,828 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/11/04 09:49:21 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/04 09:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/04 08:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/04 07:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/04 06:33:57 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\My Computer.lnk
[2010/11/04 06:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/04 05:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/04 04:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/04 03:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/04 02:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/04 01:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/04 00:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/03 23:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/03 22:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/03 21:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/03 20:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/02 14:24:18 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) -- C:\WINDOWS\System32\drivers\dwprot.sys
[2010/11/02 06:25:22 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/01 17:16:40 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/01 16:57:55 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/01 16:45:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/01 08:30:57 | 000,008,627 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\PAV_FOG.OPC
[2010/11/01 08:11:08 | 000,001,795 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Internet Security 2011.lnk
[2010/11/01 08:11:08 | 000,000,262 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/11/01 03:05:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls_{079B0239-1D54-11DF-ADB6-00038A000015}.job
[2010/11/01 02:23:11 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/01 02:23:11 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/31 21:32:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/10/31 11:35:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/10/29 08:01:11 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\cc_20101029_080103.reg
[2010/10/29 08:00:09 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/28 15:16:05 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/28 14:05:27 | 000,076,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/10/28 14:05:20 | 000,000,104 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/10/28 14:01:18 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\SpywareBlaster.lnk
[2010/10/28 09:26:53 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\housecall.guid.cache
[2010/10/28 09:20:28 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/10/28 09:19:58 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy Internet Sign-up.lnk
[2010/10/28 09:19:58 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/10/28 09:18:47 | 000,001,063 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/10/28 09:18:13 | 000,000,211 | RHS- | M] () -- C:\Boot.bak
[2010/10/24 10:09:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2010/10/24 10:09:43 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/10/24 10:09:42 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/10/24 10:09:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/10/24 05:37:53 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/22 09:04:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/20 20:06:01 | 000,000,500 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/10/20 10:15:35 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/10/20 09:30:58 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wtafedidayiyuk.dat
[2010/10/20 09:30:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Tlegacirojikeh.bin
[2010/10/11 21:09:03 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010/11/04 19:51:01 | 000,295,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\mtntzl0k.exe
[2010/11/04 19:47:51 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\Defogger.exe
[2010/11/04 17:13:53 | 098,428,925 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/04 06:33:57 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\My Computer.lnk
[2010/11/01 14:06:29 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/11/01 14:03:00 | 000,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/11/01 14:02:58 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/11/01 14:02:58 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/11/01 14:02:53 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/11/01 14:02:52 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/11/01 14:02:48 | 000,759,966 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2010/11/01 14:02:41 | 000,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nt5inf.cat
[2010/11/01 14:02:34 | 000,079,996 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2010/11/01 14:02:32 | 000,216,862 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2010/11/01 14:02:29 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fp4.cat
[2010/11/01 14:02:28 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/11/01 14:02:25 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ims.cat
[2010/11/01 14:02:24 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/11/01 14:02:23 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/11/01 14:02:23 | 000,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2010/11/01 14:02:23 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msmsgs.cat
[2010/11/01 14:02:22 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mstsweb.cat
[2010/11/01 14:02:20 | 002,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nt5.cat
[2010/11/01 14:02:18 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2010/11/01 14:02:17 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tshoot.dll
[2010/11/01 14:02:17 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2010/11/01 14:02:08 | 000,460,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2010/11/01 14:02:08 | 000,383,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2010/11/01 14:02:08 | 000,355,436 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2010/11/01 14:02:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/11/01 14:01:54 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compatui.dll
[2010/11/01 14:01:47 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/11/01 14:01:47 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/11/01 14:01:42 | 000,498,205 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/11/01 14:01:28 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/11/01 14:01:23 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/11/01 14:01:21 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2010/11/01 14:01:21 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/11/01 14:01:21 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/11/01 14:01:03 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2010/11/01 14:01:03 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2010/11/01 14:00:59 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/11/01 14:00:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/11/01 14:00:58 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/11/01 14:00:58 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/11/01 14:00:58 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/11/01 14:00:58 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/11/01 14:00:35 | 000,009,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2010/11/01 14:00:20 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/11/01 14:00:16 | 000,250,032 | ---- | C] () -- C:\ntldr
[2010/11/01 08:35:06 | 000,000,018 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\panda id.txt
[2010/11/01 08:23:45 | 000,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010/11/01 08:17:58 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\PAV_FOG.OPC
[2010/11/01 08:17:24 | 000,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/11/01 08:11:08 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Internet Security 2011.lnk
[2010/11/01 08:11:08 | 000,000,262 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/11/01 08:10:59 | 000,226,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/11/01 08:10:59 | 000,226,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/11/01 08:10:59 | 000,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010/11/01 08:10:59 | 000,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/11/01 07:48:00 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\LuResult.txt
[2010/10/30 15:07:40 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/29 08:01:07 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\My Documents\cc_20101029_080103.reg
[2010/10/29 08:00:09 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/10/28 15:16:05 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/10/28 14:01:18 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\SpywareBlaster.lnk
[2010/10/28 09:26:53 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\housecall.guid.cache
[2010/10/28 09:19:58 | 000,000,480 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2010/10/28 09:19:01 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Netscape Browser.lnk
[2010/10/28 09:19:01 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2010/10/28 09:19:01 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk
[2010/10/28 09:19:01 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/28 09:19:01 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\fusioncache.dat
[2010/10/28 09:19:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/28 09:18:33 | 000,002,197 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BLOCKBUSTER Online.lnk
[2010/10/28 09:18:33 | 000,002,088 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Latino 3 Meses Incluidos.lnk
[2010/10/28 09:18:33 | 000,001,944 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 3 Months Included.lnk
[2010/10/28 09:18:33 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2010/10/28 09:18:33 | 000,001,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Extended Service Plans.lnk
[2010/10/28 09:18:32 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/10/27 19:49:55 | 000,000,574 | -H-- | C] () -- C:\WINDOWS\tasks\Norton Security Scan for Administrator.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 04:49:28 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/27 04:49:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/27 04:49:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/27 04:49:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/27 04:49:27 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/20 20:56:15 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 11:14:59 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2010/10/20 11:14:58 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office 2003 Edition 60 Days Trial Welcome Tour.lnk
[2010/10/20 11:14:58 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken 2006 New User Edition.lnk
[2010/10/20 09:30:58 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wtafedidayiyuk.dat
[2010/10/20 09:30:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Tlegacirojikeh.bin
[2010/10/20 07:26:40 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/21 16:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/01/21 16:17:34 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Drivers
[2010/01/21 16:17:34 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/21 16:12:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\MIDI Configurations
[2010/01/21 16:12:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/05/02 10:43:41 | 000,000,782 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/04/30 18:35:23 | 000,000,122 | ---- | C] () -- C:\WINDOWS\DMI.INI
[2009/03/21 16:08:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup32.INI
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/07/29 20:55:10 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/13 10:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/03/11 19:57:08 | 000,000,472 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/03/08 19:13:04 | 000,000,062 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2008.ini
[2007/05/13 15:36:03 | 000,000,181 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/02/18 17:55:38 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/19 12:37:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2006/11/19 12:22:55 | 000,002,770 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006/08/28 19:49:51 | 000,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2006/03/19 10:59:07 | 000,000,085 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/03/19 10:58:53 | 000,002,552 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2006/03/18 11:43:56 | 000,004,780 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/03/03 23:37:10 | 000,000,114 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/12/08 16:24:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 16:02:22 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/08 15:58:01 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/08 15:57:53 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/08 15:55:22 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/08 15:51:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/08 15:46:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/08 15:46:59 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/08 15:46:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/08 15:46:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/08 15:46:59 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/08 15:46:59 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/08 15:41:06 | 000,000,104 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/08 15:40:05 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/08 15:28:14 | 000,001,434 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/12/08 15:27:13 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/12/08 15:11:23 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/08 15:04:29 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/08 15:04:29 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/08 15:04:04 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 13:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 05:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 22:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/22 16:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2005/12/08 15:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Digital Interactive Systems Corporation
[2010/10/28 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7Wonders2
[2010/05/20 21:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/01/21 16:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2010/11/01 06:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/04/06 10:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2010/11/01 08:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2006/05/05 20:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Catalog.LiveSubscribe
[2009/11/27 23:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2010/10/28 15:16:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/05/06 08:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/03/03 13:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/04/13 19:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/01/21 16:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/10/20 14:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FireGlow
[2006/10/14 10:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Forge of Games
[2008/05/14 18:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friday's games
[2008/04/19 22:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friends Games
[2008/04/06 08:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2010/05/26 14:26:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2009/12/27 10:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2008/10/17 22:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
[2010/01/21 16:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\howto
[2009/04/23 21:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2006/11/29 14:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/04/13 19:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2006/11/19 12:25:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/12/23 18:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masque
[2010/10/21 07:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/05/29 04:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\minigolfVUG
[2007/05/29 04:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MinigolfVUG_TacoBell3
[2010/03/20 18:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/05/18 22:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/11/13 21:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/01/21 16:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/11/01 08:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/02/19 05:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/04/27 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/01 20:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/08/16 20:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2006/03/07 16:42:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/10/28 15:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/01/13 09:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/02/08 17:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2008/12/08 22:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/09/28 20:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2010/03/23 21:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/10/25 17:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/04 23:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2010/01/21 16:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/10/28 18:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2006/03/03 21:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/19 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/11/21 18:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win
[2010/10/24 16:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WSTB
[2006/05/28 09:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/06 21:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/24 20:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/10/22 16:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\AVG10
[2005/12/08 15:38:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Digital Interactive Systems Corporation
[2008/02/10 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SDSD
[2010/11/04 03:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/04 12:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/03 22:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/04 08:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/04 16:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/04 06:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/11/03 20:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/03 21:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/04 10:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/04 13:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/03 23:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/04 05:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/04 17:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/04 15:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/04 07:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/04 09:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/04 19:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/11/04 04:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/04 00:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/11/04 01:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/04 02:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/04 11:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/04 18:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/04 14:28:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/28 09:19:58 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job
[2010/11/01 03:05:00 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Privacy Controls_{079B0239-1D54-11DF-ADB6-00038A000015}.job
[2010/11/04 18:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/10/24 10:09:42 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2010/10/24 10:09:41 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/10/24 10:09:43 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2010/10/24 10:09:43 | 000,000,394 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2010/11/04 15:47:39 | 000,000,400 | ---- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-HP_Administrator-Startup.job
[2010/10/20 20:06:01 | 000,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/11/04 20:04:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E0DCC59F-35AE-42BA-B0ED-820E395F136E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/26 04:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 21:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 21:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 21:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/10/28 06:17:56 | 016,580,167 | ---- | M] () -- C:\1.txt
[2006/03/27 12:25:55 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
[2006/03/27 12:25:55 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
[2007/07/20 01:48:20 | 001,348,242 | ---- | M] () -- C:\Apr2005_d3dx9_25_x64.cab
[2007/07/20 01:48:20 | 001,079,850 | ---- | M] () -- C:\Apr2005_d3dx9_25_x86.cab
[2007/07/20 01:48:20 | 001,398,718 | ---- | M] () -- C:\Apr2006_d3dx9_30_x64.cab
[2007/07/20 01:48:20 | 001,116,109 | ---- | M] () -- C:\Apr2006_d3dx9_30_x86.cab
[2007/07/20 01:48:20 | 000,917,318 | ---- | M] () -- C:\Apr2006_MDX1_x86.cab
[2007/07/20 01:48:20 | 004,163,518 | ---- | M] () -- C:\Apr2006_MDX1_x86_Archive.cab
[2007/07/20 01:48:20 | 000,180,021 | ---- | M] () -- C:\Apr2006_XACT_x64.cab
[2007/07/20 01:48:20 | 000,133,991 | ---- | M] () -- C:\Apr2006_XACT_x86.cab
[2007/07/20 01:48:20 | 000,087,989 | ---- | M] () -- C:\Apr2006_xinput_x64.cab
[2007/07/20 01:48:20 | 000,046,898 | ---- | M] () -- C:\Apr2006_xinput_x86.cab
[2007/07/20 01:48:20 | 000,702,212 | ---- | M] () -- C:\APR2007_d3dx10_33_x64.cab
[2007/07/20 01:48:20 | 000,699,465 | ---- | M] () -- C:\APR2007_d3dx10_33_x86.cab
[2007/07/20 01:48:20 | 001,610,958 | ---- | M] () -- C:\APR2007_d3dx9_33_x64.cab
[2007/07/20 01:48:20 | 001,609,639 | ---- | M] () -- C:\APR2007_d3dx9_33_x86.cab
[2007/07/20 01:48:22 | 000,199,366 | ---- | M] () -- C:\APR2007_XACT_x64.cab
[2007/07/20 01:48:22 | 000,154,825 | ---- | M] () -- C:\APR2007_XACT_x86.cab
[2007/07/20 01:48:22 | 000,100,417 | ---- | M] () -- C:\APR2007_xinput_x64.cab
[2007/07/20 01:48:22 | 000,056,902 | ---- | M] () -- C:\APR2007_xinput_x86.cab
[2007/07/20 01:48:22 | 001,351,430 | ---- | M] () -- C:\Aug2005_d3dx9_27_x64.cab
[2007/07/20 01:48:22 | 001,078,532 | ---- | M] () -- C:\Aug2005_d3dx9_27_x86.cab
[2007/07/20 01:48:22 | 000,183,863 | ---- | M] () -- C:\AUG2006_XACT_x64.cab
[2007/07/20 01:48:22 | 000,138,195 | ---- | M] () -- C:\AUG2006_XACT_x86.cab
[2007/07/20 01:48:22 | 000,088,102 | ---- | M] () -- C:\AUG2006_xinput_x64.cab
[2007/07/20 01:48:22 | 000,047,018 | ---- | M] () -- C:\AUG2006_xinput_x86.cab
[2007/07/20 02:19:00 | 000,855,886 | ---- | M] () -- C:\AUG2007_d3dx10_35_x64.cab
[2007/07/20 02:19:00 | 000,800,467 | ---- | M] () -- C:\AUG2007_d3dx10_35_x86.cab
[2007/07/20 02:19:00 | 001,803,760 | ---- | M] () -- C:\AUG2007_d3dx9_35_x64.cab
[2007/07/20 02:18:56 | 001,711,752 | ---- | M] () -- C:\AUG2007_d3dx9_35_x86.cab
[2007/07/20 02:18:58 | 000,201,696 | ---- | M] () -- C:\AUG2007_XACT_x64.cab
[2007/07/20 02:18:56 | 000,156,612 | ---- | M] () -- C:\AUG2007_XACT_x86.cab
[2005/12/08 15:54:44 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/06/18 10:43:45 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2007/07/20 01:48:18 | 001,156,363 | ---- | M] () -- C:\BDANT.cab
[2007/07/20 01:48:18 | 000,976,020 | ---- | M] () -- C:\BDAXP.cab
[2010/10/28 09:18:13 | 000,000,211 | RHS- | M] () -- C:\Boot.bak
[2010/10/31 11:35:48 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2009/04/13 09:42:04 | 000,232,050 | ---- | M] () -- C:\ClearLog.txt
[2006/08/11 21:58:07 | 001,008,675 | ---- | M] (ALFY, Inc.) -- C:\CleverIsland2.exe
[2004/08/10 05:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2006/09/12 21:34:39 | 032,676,114 | ---- | M] (InstallShield Software Corporation) -- C:\colWoodsyWinnings.exe
[2010/10/24 17:46:01 | 000,020,407 | ---- | M] () -- C:\ComboFix.txt
[2005/08/31 05:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/07/20 01:48:22 | 001,358,864 | ---- | M] () -- C:\Dec2005_d3dx9_28_x64.cab
[2007/07/20 01:48:22 | 001,080,344 | ---- | M] () -- C:\Dec2005_d3dx9_28_x86.cab
[2007/07/20 01:48:22 | 000,213,767 | ---- | M] () -- C:\DEC2006_d3dx10_00_x64.cab
[2007/07/20 01:48:22 | 000,192,680 | ---- | M] () -- C:\DEC2006_d3dx10_00_x86.cab
[2007/07/20 01:48:22 | 001,572,114 | ---- | M] () -- C:\DEC2006_d3dx9_32_x64.cab
[2007/07/20 01:48:22 | 001,575,336 | ---- | M] () -- C:\DEC2006_d3dx9_32_x86.cab
[2007/07/20 01:48:22 | 000,193,435 | ---- | M] () -- C:\DEC2006_XACT_x64.cab
[2007/07/20 01:48:22 | 000,146,559 | ---- | M] () -- C:\DEC2006_XACT_x86.cab
[2007/05/13 20:02:08 | 000,001,195 | ---- | M] () -- C:\drivertimer.txt
[2007/07/20 01:48:24 | 000,077,160 | ---- | M] (Microsoft Corporation) -- C:\DSETUP.dll
[2007/07/20 01:48:24 | 001,673,576 | ---- | M] (Microsoft Corporation) -- C:\dsetup32.dll
[2007/07/20 02:18:56 | 000,044,684 | ---- | M] () -- C:\dxdllreg_x86.cab
[2007/07/20 01:48:18 | 013,265,040 | ---- | M] () -- C:\dxnt.cab
[2007/07/20 01:48:24 | 000,503,144 | ---- | M] (Microsoft Corporation) -- C:\DXSETUP.exe
[2007/07/20 01:48:24 | 000,086,709 | ---- | M] () -- C:\dxupdate.cab
[2010/07/07 06:06:16 | 000,000,056 | ---- | M] () -- C:\EmergencyErrorLog.20100707.txt
[2010/10/29 07:39:23 | 000,000,056 | ---- | M] () -- C:\EmergencyErrorLog.20101029.txt
[2005/12/08 15:57:12 | 000,000,000 | ---- | M] () -- C:\FailKeys.log
[2007/07/20 01:48:22 | 001,248,387 | ---- | M] () -- C:\Feb2005_d3dx9_24_x64.cab
[2007/07/20 01:48:22 | 001,014,113 | ---- | M] () -- C:\Feb2005_d3dx9_24_x86.cab
[2007/07/20 01:48:22 | 001,363,684 | ---- | M] () -- C:\Feb2006_d3dx9_29_x64.cab
[2007/07/20 01:48:22 | 001,085,608 | ---- | M] () -- C:\Feb2006_d3dx9_29_x86.cab
[2007/07/20 01:48:22 | 000,179,247 | ---- | M] () -- C:\Feb2006_XACT_x64.cab
[2007/07/20 01:48:22 | 000,133,297 | ---- | M] () -- C:\Feb2006_XACT_x86.cab
[2007/07/20 01:48:22 | 000,198,275 | ---- | M] () -- C:\FEB2007_XACT_x64.cab
[2007/07/20 01:48:22 | 000,151,583 | ---- | M] () -- C:\FEB2007_XACT_x86.cab
[2010/03/03 13:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2009/05/02 10:43:36 | 000,001,126 | ---- | M] () -- C:\GetAlbumId.ini
[2010/11/04 15:47:15 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2005/08/31 05:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/12/23 11:57:05 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2007/07/20 01:48:22 | 001,336,890 | ---- | M] () -- C:\Jun2005_d3dx9_26_x64.cab
[2007/07/20 01:48:22 | 001,065,813 | ---- | M] () -- C:\Jun2005_d3dx9_26_x86.cab
[2007/07/20 01:48:22 | 000,181,745 | ---- | M] () -- C:\JUN2006_XACT_x64.cab
[2007/07/20 01:48:22 | 000,134,631 | ---- | M] () -- C:\JUN2006_XACT_x86.cab
[2007/07/20 01:48:22 | 000,702,644 | ---- | M] () -- C:\JUN2007_d3dx10_34_x64.cab
[2007/07/20 01:48:22 | 000,702,072 | ---- | M] () -- C:\JUN2007_d3dx10_34_x86.cab
[2007/07/20 01:48:22 | 001,611,374 | ---- | M] () -- C:\JUN2007_d3dx9_34_x64.cab
[2007/07/20 01:48:24 | 001,610,886 | ---- | M] () -- C:\JUN2007_d3dx9_34_x86.cab
[2007/07/20 01:48:24 | 000,200,722 | ---- | M] () -- C:\JUN2007_XACT_x64.cab
[2007/07/20 01:48:24 | 000,156,509 | ---- | M] () -- C:\JUN2007_XACT_x86.cab
[2010/03/30 19:19:23 | 000,000,494 | ---- | M] () -- C:\LOG15.log
[2009/12/08 17:50:17 | 000,000,494 | ---- | M] () -- C:\LOG7725.log
[2009/02/19 16:54:56 | 000,051,335 | ---- | M] () -- C:\logfile
[2005/08/31 05:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 05:00:00 | 000,250,032 | ---- | M] () -- C:\ntldr
[2008/10/15 09:05:19 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2008/10/15 09:05:19 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2007/07/20 01:48:24 | 000,086,925 | ---- | M] () -- C:\Oct2005_xinput_x64.cab
[2007/07/20 01:48:24 | 000,046,247 | ---- | M] () -- C:\Oct2005_xinput_x86.cab
[2007/07/20 01:48:24 | 001,413,862 | ---- | M] () -- C:\OCT2006_d3dx9_31_x64.cab
[2007/07/20 01:48:24 | 001,128,177 | ---- | M] () -- C:\OCT2006_d3dx9_31_x86.cab
[2007/07/20 01:48:24 | 000,183,321 | ---- | M] () -- C:\OCT2006_XACT_x64.cab
[2007/07/20 01:48:24 | 000,138,977 | ---- | M] () -- C:\OCT2006_XACT_x86.cab
[2010/11/04 15:47:14 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2005/12/08 15:57:12 | 000,000,121 | ---- | M] () -- C:\PassKeys.log
[2008/04/20 10:07:46 | 000,094,134 | ---- | M] () -- C:\playground.log
[2006/06/30 11:36:50 | 000,000,306 | -H-- | M] () -- C:\T4Metrics.log
[2010/11/02 06:13:14 | 000,038,944 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_02.11.2010_06.12.41_log.txt
[2010/11/02 14:58:45 | 000,039,176 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_02.11.2010_14.58.04_log.txt
[2010/11/03 09:33:11 | 000,039,176 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_03.11.2010_09.32.31_log.txt
[2010/11/03 15:16:45 | 000,077,144 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_03.11.2010_15.09.02_log.txt
[2010/11/04 06:25:46 | 000,039,176 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_04.11.2010_06.23.51_log.txt
[2010/10/31 06:48:28 | 000,039,556 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_31.10.2010_05.46.09_log.txt
[2010/08/05 07:24:25 | 000,090,697 | ---- | M] () -- C:\VETlog.dmp
[2010/08/05 07:24:25 | 002,444,942 | ---- | M] () -- C:\VETlog.txt
[2007/12/23 11:57:31 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/06/19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B89AFF6
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE39AFC
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C69BB04
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3939CF5F
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C2A22D4
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8396B0AE
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D493D85
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F556E2EB
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D77ADBDB
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7F8B6E9
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BFE8B22
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E5C6753
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFC8A5FD
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B2EAA1
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C37603F5
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AA65D92
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:105C8D3E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C6D2EC3
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F601A52A
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AC59DDD
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ED71AF9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFDE872C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74F3CA70
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C446484
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7D48A89
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AD6CC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A7C726F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:712DCF50
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:442EBDC5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:081F773D
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1CD4718
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C1A08E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EC55520
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3550534F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E943D067
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BA31186
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00B3A28E
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41289DF0
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B653AA4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:882AB8F8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132E98A6
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A87B4345
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE8F70B0
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22A44AC3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:653372DD
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47920A31
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9176C0
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D549BCC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B181B84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45742361
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA031481
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E50C1642
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A69FD649
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B84BE2FE
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6205760E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCFEBC21

< End of report >



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-03.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/28/2010 9:18:47 AM
System Uptime: 11/4/2010 3:46:32 PM (6 hours ago)

Motherboard: Hewleet-Packard | | Asterope
Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2932/133mhz
Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2932/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 67.813 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 1.129 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 11/3/2010 5:18:25 PM - System Checkpoint
RP2: 11/4/2010 3:43:06 PM - Software Distribution Service 3.0
RP3: 11/4/2010 7:57:04 PM - OTL Restore Point

==== Installed Programs ======================


5 Card Slingo from HP Media Center (remove only)
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
AVG 2011
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
BufferChm
CameraDrivers
CCleaner
Chuzzle Deluxe from HP Media Center (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from HP Media Center (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DISCover
DocProc
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
Family Feud
FATE from HP Media Center (remove only)
Fax
Fax_CDA
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 5.3
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP PSC & OfficeJet 5.3.A
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
HpSdpAppCoreApp
Insaniquarium Deluxe from HP Media Center (remove only)
InstantShareDevices
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java™ 6 Update 20
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LightScribe 1.4.52.1
LSI PCI-SV92PP Soft Modem
Mah Jong Quest from HP Media Center (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Away Mode
Microsoft Money 2005
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Otto
Panda ActiveScan 2.0
Panda Internet Security 2011
Panda Secure Vault 5
PanoStandAlone
PC-Doctor 5 for Windows
PhotoGallery
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
PSPrinters08
PSTAPlugin
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scan
ScannerCopy
SCRABBLE from HP Media Center (remove only)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
SkinsHP1
Slingo Deluxe from HP Media Center (remove only)
Snowboard SuperJam from HP Media Center (remove only)
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SpywareBlaster 4.4
Status
Super Granny from HP Media Center (remove only)
SUPERAntiSpyware
Tradewinds from HP Media Center (remove only)
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zuma Deluxe from HP Media Center (remove only)

==== Event Viewer Messages From Past Week ========

53120441 AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss setup_9.0.0.722_29.10.2010_20-05drv SYMTDI Tcpip
11/4/2010 3:45:06 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0: x86 (KB829019).
11/3/2010 3:19:23 PM, error: System Error [1003] - Error code 100000d1, parameter1 209270ed, parameter2 00000002, parameter3 00000001, parameter4 840587c6.
11/3/2010 10:02:46 AM, error: System Error [1003] - Error code 1000008e, parameter1 c000001d, parameter2 83ee47b6, parameter3 80550114, parameter4 00000000.
11/2/2010 6:16:22 AM, error: System Error [1003] - Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 837c410a.
11/2/2010 2:33:47 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 eb589c93, parameter3 f7987a74, parameter4 f7987770.
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda Software Controller service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda PSK service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda Process Protection Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda On-Access Anti-Malware Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda IManager Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda Host Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Panda Function Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:30:54 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
11/1/2010 5:30:54 PM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/1/2010 5:29:31 PM, error: Service Control Manager [7034] - The ARSVC service terminated unexpectedly. It has done this 1 time(s).
11/1/2010 5:29:31 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/1/2010 5:28:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: General access denied error
11/1/2010 4:59:00 PM, error: NtServicePack [4374] - Windows XP installation failed, leaving Windows XP partially updated.
The installation of the Service Pack did not complete, and a rollback to the pre-installation state has been initiated. A rollback is a two-step process. Step one is complete; to complete step two, click OK. To be reminded at next login to complete step two, click Cancel. After you complete the rollback, your system will reboot and you may retry the installation of the Service Pack.
11/1/2010 4:28:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: General access denied error
11/1/2010 3:00:57 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x87ff0004: Windows XP Service Pack 3 (KB936929).
11/1/2010 12:28:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: General access denied error
11/1/2010 10:28:12 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: General access denied error
11/1/2010 1:28:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: General access denied error
10/31/2010 9:45:19 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
10/31/2010 9:28:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: General access denied error
10/31/2010 8:28:00 AM, error: Schedule [7901] - The At22.job command failed to start due to the following error: General access denied error
10/31/2010 7:28:00 AM, error: Schedule [7901] - The At14.job command failed to start due to the following error: General access denied error
10/31/2010 4:28:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error
10/31/2010 3:28:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: General access denied error
10/31/2010 2:59:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Network Drivers Service service to connect.
10/31/2010 2:28:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: General access denied error
10/31/2010 12:28:00 PM, error: Schedule [7901] - The At7.job command failed to start due to the following error: General access denied error
10/31/2010 11:39:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/31/2010 11:39:47 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/31/2010 11:38:47 AM, error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
10/31/2010 11:30:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
10/31/2010 11:30:05 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/31/2010 11:28:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: General access denied error
10/31/2010 10:28:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: General access denied error
10/31/2010 1:28:00 PM, error: Schedule [7901] - The At10.job command failed to start due to the following error: General access denied error
10/30/2010 7:40:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/30/2010 7:39:46 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
10/30/2010 7:39:46 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2010 7:39:46 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2010 7:39:46 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2010 7:39:46 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/30/2010 7:00:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
10/30/2010 7:00:59 PM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2010 6:50:33 PM, error: Dhcp [1002] - The IP address lease 66.220.110.191 for the Network Card with network address 00142AC64266 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/30/2010 4:28:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: General access denied error
10/30/2010 3:28:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: General access denied error
10/30/2010 3:25:51 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
10/30/2010 3:05:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/29/2010 9:28:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: General access denied error
10/29/2010 8:28:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: General access denied error
10/29/2010 7:28:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: General access denied error
10/29/2010 6:28:00 PM, error: Schedule [7901] - The At8.job command failed to start due to the following error: General access denied error
10/29/2010 6:17:53 AM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 00142AC64266 has been denied by the DHCP server 216.228.184.164 (The DHCP Server sent a DHCPNACK message).
10/29/2010 6:17:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iaStor IntelIde ViaIde
10/29/2010 5:28:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: General access denied error
10/29/2010 10:28:06 PM, error: Schedule [7901] - The At11.job command failed to start due to the following error: General access denied error
10/28/2010 5:21:13 PM, error: Dhcp [1002] - The IP address lease 66.220.108.139 for the Network Card with network address 00142AC64266 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
10/28/2010 3:53:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
10/28/2010 3:53:42 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/28/2010 3:53:42 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
10/28/2010 3:48:58 PM, error: Service Control Manager [7023] - The SPService service terminated with the following error: Access is denied.
10/28/2010 2:28:00 PM, error: Schedule [7901] - The At9.job command failed to start due to the following error: General access denied error

==== End Of File ===========================

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 05 November 2010 - 05:51 PM

Hello, edeekremer.

OK, you are indeed infected with malware that's visible in the logs. Since you can't run GMER, please run these two. Then we can start the cleanup process.



Step 1

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
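What an MBR code check of the kind requested in Step 2 actually involves, as an added example that is not part of this thread and not MBRCheck's own code: the script parses one 512-byte master boot record, validates the 0x55AA boot signature, decodes the four partition-table entries, and hashes the 440-byte boot-code region so the digest can be compared against a known-good list (a "Legit MBR code" verdict) or a known-bad list ("infected"), with anything else reported as "non-standard". The MBR bytes, disk signature and hash lists below are constructed for the demonstration (the partition offsets are chosen to resemble the FAT32-then-NTFS layout MBRCheck prints in this thread); a real tool reads the first sector of \\.\PhysicalDrive0 with administrator rights and carries a vetted hash database.

```python
"""Added example: the anatomy of an MBR code check (constructed data only;
not MBRCheck's code and not the poster's disk)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code ends where the 4-byte disk signature starts (0x1B8)
PART_TABLE_OFFSET = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFFSET = 0x1FE    # the last two bytes of the sector must be 0x55 0xAA

PARTITION_TYPES = {0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
                   0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}


def build_sample_mbr() -> bytes:
    """Construct a demo MBR: placeholder boot code, a made-up disk signature and
    two primary partitions (FAT32 recovery partition, then bootable NTFS)."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_signature = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"  # constructed value

    def entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
        # layout: status | CHS start (3) | type | CHS end (3) | LBA start | sector count
        chs = b"\xfe\xff\xff"  # CHS fields are ignored by LBA-aware loaders
        return struct.pack("<B3sB3sII", status, chs, ptype, chs, lba_start, sectors)

    table = (entry(0x00, 0x0B, 63, 17_848_152)             # FAT32, starts at byte 0x7E00
             + entry(0x80, 0x07, 17_848_215, 294_733_593)  # bootable NTFS system partition
             + bytes(32))                                   # two empty slots
    mbr = boot_code + disk_signature + table + b"\x55\xaa"
    assert len(mbr) == SECTOR_SIZE
    return mbr


def parse_partitions(mbr: bytes) -> list:
    """Decode the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0x00:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "type_name": PARTITION_TYPES.get(ptype, "unknown"),
                      "byte_offset": lba_start * SECTOR_SIZE, "sectors": sectors})
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """Hash only the boot code: the disk signature and partition table differ
    per machine, so they must not feed into a known-good comparison."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr: bytes, known_good: set, known_bad: set = frozenset()) -> dict:
    """Return signature validity, the boot-code hash, a verdict and the partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    digest = boot_code_sha1(mbr)
    if digest in known_bad:
        verdict = "infected"
    elif digest in known_good:
        verdict = "legit"
    else:
        verdict = "non-standard"  # unknown code: needs a human look, not automatic repair
    return {"signature_ok": mbr[BOOT_SIG_OFFSET:] == b"\x55\xaa", "sha1": digest,
            "verdict": verdict, "partitions": parse_partitions(mbr)}


if __name__ == "__main__":
    sample = build_sample_mbr()
    # Assumption: a real tool ships a vetted hash database; the allowlist is seeded
    # from the sample here only so the demo runs offline.
    good = {boot_code_sha1(sample)}
    report = check_mbr(sample, good)
    print(report["verdict"], report["sha1"])
    for p in report["partitions"]:
        print(f"  slot {p['index']}: type 0x{p['type']:02X} {p['type_name']} "
              f"at offset 0x{p['byte_offset']:x}, bootable={p['bootable']}")
    tampered = bytearray(sample)
    tampered[0] ^= 0xFF  # one changed boot-code byte is enough to fail the allowlist
    print(check_mbr(bytes(tampered), good)["verdict"])
```

The important design point is in `boot_code_sha1`: only bytes 0 to 439 are hashed, because the disk signature and partition table legitimately differ from machine to machine, and hashing the whole sector would make every disk look "non-standard".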
 


#7 edeekremer

edeekremer
  • Topic Starter

  • Members
  • 45 posts

Posted 05 November 2010 - 10:58 PM

OK, I downloaded both programs and tried three times to run the unhooker, and this is the error log it created:

Exception code : 0xC0000005
Instruction address : 0x7FFA0005
Attempt to read at address : 0xFFFFFFFF

Also went ahead and ran the other, and this is the log it created:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 155):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF7A3C000 \WINDOWS\system32\KDCOM.DLL
0xF794C000 \WINDOWS\system32\BOOTVID.dll
0xF740D000 ACPI.sys
0xF7A3E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF73FC000 pci.sys
0xF753C000 isapnp.sys
0xF754C000 ohci1394.sys
0xF755C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B04000 pciide.sys
0xF77BC000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A40000 viaide.sys
0xF7A42000 intelide.sys
0xF756C000 MountMgr.sys
0xF73DD000 ftdisk.sys
0xF7A44000 dmload.sys
0xF73B7000 dmio.sys
0xF77C4000 PartMgr.sys
0xF757C000 pavboot.sys
0xF758C000 VolSnap.sys
0xF72E2000 iaStor.sys
0xF72CA000 atapi.sys
0xF7287000 ftsata2.sys
0xF726F000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF759C000 disk.sys
0xF75AC000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7250000 fltmgr.sys
0xF723E000 sr.sys
0xF75BC000 bb-run.sys
0xF7221000 dwprot.sys
0xF71F4000 \WINDOWS\system32\drivers\NDIS.SYS
0xF77CC000 \WINDOWS\system32\drivers\TDI.SYS
0xF77D4000 PxHelp20.sys
0xF71DD000 KSecDD.sys
0xF7150000 Ntfs.sys
0xF7135000 Mup.sys
0xF77DC000 avgrkx86.sys
0xF75CC000 AVGIDSEH.Sys
0xF776C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF5F84000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF5F70000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7894000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF5F4D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF789C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF777C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF778C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF779C000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF5F2A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF5F05000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF78A4000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF5EF1000 \SystemRoot\system32\DRIVERS\parport.sys
0xF78AC000 \SystemRoot\system32\DRIVERS\aracpi.sys
0xF5DD4000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7A80000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78B4000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5DB6000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF77AC000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF67DB000 \SystemRoot\system32\DRIVERS\arpolicy.sys
0xF7C30000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF763C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF67D7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5D9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6BB2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6152000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF5D8E000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6142000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78BC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78C4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5D5E000 \SystemRoot\system32\DRIVERS\neti1642.sys
0xF5D2D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF6132000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78CC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF78D4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7A86000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5CF9000 \SystemRoot\system32\DRIVERS\update.sys
0xF79E4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6122000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF60F2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF1889000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF1867000 \SystemRoot\system32\drivers\portcls.sys
0xF60D2000 \SystemRoot\system32\drivers\drmk.sys
0xF6B92000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7A8C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C5D000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A8E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78FC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7904000 \SystemRoot\System32\drivers\vga.sys
0xF7A90000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A92000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF790C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7914000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF1837000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF1794000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF173C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF16F4000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xF16D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6B72000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF6B62000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF1685000 \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
0xF1635000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF1613000 \SystemRoot\System32\drivers\afd.sys
0xF6B52000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF6B42000 \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
0xF791C000 \SystemRoot\System32\DRIVERS\ShlDrv51.sys
0xF15F1000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7924000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF15C6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF152F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF1501000 \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
0xF17D3000 \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
0xF6B32000 \SystemRoot\System32\Drivers\Fips.SYS
0xF792C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6B22000 \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
0xF14C5000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF17CB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF764C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF793C000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
0xF7944000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF17C7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7A94000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
0xF183F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF7A96000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
0xF139C000 \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
0xF1379000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF12E9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AEE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF1681000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7874000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C4B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF051000 \SystemRoot\System32\ati2cqag.dll
0xBF08A000 \SystemRoot\System32\atikvmag.dll
0xBF0BF000 \SystemRoot\System32\ati3duag.dll
0xBF30C000 \SystemRoot\System32\ativvaxx.dll
0xF1465000 \SystemRoot\system32\DRIVERS\amm8651.sys
0xEF15D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF769C000 \??\C:\WINDOWS\system32\PavTPK.sys
0xEEE24000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEEDE7000 \SystemRoot\system32\drivers\wdmaud.sys
0xEEFB9000 \SystemRoot\system32\drivers\sysaudio.sys
0xEEF79000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xEEC91000 \SystemRoot\System32\Drivers\HTTP.sys
0xEEAFA000 \SystemRoot\system32\DRIVERS\srv.sys
0xEE7D3000 \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
0xEEA02000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xEE5C3000 \??\C:\WINDOWS\system32\PavSRK.sys
0xEE503000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xEE6C3000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDE5A000 \SystemRoot\system32\drivers\av5flt.sys
0xF7864000 \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
0xEDA46000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
1172 C:\WINDOWS\system32\smss.exe
1204 C:\Program Files\AVG\AVG10\avgchsvx.exe
1392 csrss.exe
1424 C:\WINDOWS\system32\winlogon.exe
1472 C:\WINDOWS\system32\services.exe
1484 C:\WINDOWS\system32\lsass.exe
1656 C:\WINDOWS\system32\svchost.exe
1756 svchost.exe
1880 C:\WINDOWS\system32\svchost.exe
1904 C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
168 svchost.exe
296 svchost.exe
384 C:\Program Files\Panda Security\Panda Internet Security 2011\WebProxy.exe
1132 C:\WINDOWS\system32\spoolsv.exe
308 svchost.exe
140 C:\Program Files\LSI SoftModem\agrsmsvc.exe
984 C:\WINDOWS\arservice.exe
1820 C:\Program Files\AVG\AVG10\avgwdsvc.exe
268 C:\WINDOWS\ehome\ehrecvr.exe
944 C:\WINDOWS\ehome\ehSched.exe
752 C:\Program Files\Java\jre6\bin\jqs.exe
1164 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1532 C:\WINDOWS\explorer.exe
2656 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
2888 C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrlS.exe
3120 C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
3672 C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
3932 C:\Program Files\Panda Security\Panda Internet Security 2011\FIREWALL\PSHost.exe
4016 C:\Program Files\AVG\AVG10\avgnsx.exe
352 C:\Program Files\AVG\AVG10\avgemcx.exe
2372 C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
3472 C:\Program Files\Panda Security\Panda Internet Security 2011\psksvc.exe
1804 svchost.exe
2960 C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
3792 C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
480 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3700 C:\WINDOWS\ehome\ehtray.exe
3744 C:\WINDOWS\arpwrmsg.exe
2112 C:\Program Files\DISC\DISCUpdateMgr.exe
2236 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
2272 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2444 C:\Program Files\AVG\AVG10\avgtray.exe
2620 mcrdsvc.exe
2720 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2896 C:\Program Files\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
3348 C:\Program Files\HP Wireless Keyboard\Kmaestro.exe
380 C:\WINDOWS\system32\ctfmon.exe
248 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
3008 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
2276 C:\WINDOWS\system32\dllhost.exe
4412 alg.exe
5488 C:\WINDOWS\ehome\ehmsas.exe
2156 C:\Program Files\Panda Security\Panda Internet Security 2011\SrvLoad.exe
4120 C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
5680 C:\Program Files\AVG\AVG10\avgrsx.exe
5748 C:\Program Files\AVG\AVG10\avgcsrvx.exe
5008 C:\hp\KBD\kbd.exe
6048 C:\WINDOWS\RTHDCPL.EXE
3248 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
4628 C:\WINDOWS\system\hpsysdrv.exe
2880 C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\MBRCheck.exe
4544 C:\WINDOWS\CREATOR\Remind_XP.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`20af2e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HDT722516DLA380, Rev: V43OA80A

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


Done!

Yes, I realize I may need to run the second one again.

Thanks Elmer

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 06 November 2010 - 09:53 AM

Hello, edeekremer.
OK, let's get started.






Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578




Two Antiviruses Warning


I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Panda or AVG.

Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high, and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.



Step 2

Please attach this file in your reply:
C:\TDSSKiller.2.4.5.1_04.11.2010_06.23.51_log.txt

Please also attach the Combofix log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
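One way to audit the Trusted Zone entries the warning above refers to without clicking through the Internet Options dialog, as an added example that is not the thread's or any tool's own code: Internet Explorer stores per-site zone assignments under the registry key ...\Internet Settings\ZoneMap\Domains (under HKCU for the user, HKLM when set machine-wide), one subkey per domain, with a DWORD value per scheme ("http", "https" or "*") whose data is the zone number (1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites); IP ranges live beside it under ZoneMap\Ranges. The script parses a `reg export` of that key and lists everything assigned to zone 2 so it can be reviewed and removed. The .reg text embedded below is constructed sample data, not the poster's registry.

```python
"""Added example: list Internet Explorer Trusted Zone entries from a .reg export
of the ZoneMap key. The sample export below is constructed, not from the thread."""
import re

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Matches the tail of a ZoneMap key path and captures the section and the subpath.
ZONEMAP_RE = re.compile(
    r"\\Internet Settings\\ZoneMap\\(Domains|EscDomains|Ranges)\\(.+)$", re.IGNORECASE)

# Constructed sample of what `reg export` writes (hosts use the reserved .test TLD).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example-bank.test]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads-network.test\cdn]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\corp.test]
"http"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.test]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
"*"=dword:00000002
":Range"="10.0.0.0-10.255.255.255"
'''


def _parse_reg_keys(reg_text: str) -> dict:
    """Minimal .reg reader: {key path: {value name: raw value text}}."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip().strip('"')] = value.strip()
    return keys


def zonemap_entries(reg_text: str) -> list:
    """Every explicit zone assignment in the export, with the host reconstructed."""
    entries = []
    for key, values in _parse_reg_keys(reg_text).items():
        match = ZONEMAP_RE.search(key)
        if not match:
            continue
        section, subpath = match.group(1), match.group(2)
        if section.lower() == "ranges":
            # Ranges\RangeN carries the address spec in the ":Range" value.
            host = values.get(":Range", "").strip('"') or subpath
        else:
            # Domains\example.com\www  ->  www.example.com
            host = ".".join(reversed(subpath.split("\\")))
        for name, value in values.items():
            if name == ":Range" or not value.lower().startswith("dword:"):
                continue
            zone = int(value[len("dword:"):], 16)
            entries.append({"host": host, "scheme": name, "zone": zone,
                            "zone_name": ZONE_NAMES.get(zone, "unknown"),
                            "section": section})
    return entries


def trusted_sites(reg_text: str) -> list:
    """Only the entries placed in the Trusted sites zone (zone 2)."""
    return [e for e in zonemap_entries(reg_text) if e["zone"] == 2]


if __name__ == "__main__":
    for e in trusted_sites(SAMPLE_REG):
        print(f"TRUSTED  {e['scheme']:6} {e['host']}  ({e['section']})")
```

To run it against a real machine, export the key first with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg` (repeat for HKLM), then call `trusted_sites(open("zonemap.reg", encoding="utf-16").read())`; current Windows versions write the export as UTF-16, so the encoding argument matters. The values you can't account for are the ones the warning says to remove: a wildcard (`"*"`) entry on a subdomain of an advertising or unknown network, as in the sample, is the pattern worth a second look.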
 


#9 edeekremer

edeekremer
  • Topic Starter

  • Members
  • 45 posts

Posted 06 November 2010 - 01:02 PM

OK, here is a problem: I am trying to uninstall AVG, but it does not want to, through Add and Remove Programs or through its interface. ComboFix says it will not run with AVG installed. When we get this clean, me and the wife are going with the full version of Panda, so I do not need AVG anymore. Any ideas how to get rid of it in the meantime?
Thank You for all your help

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 06 November 2010 - 01:49 PM

Try downloading Revo from here.

Install it then run it. Select AVG from the list, click Uninstall and follow the prompts. Did that work?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 edeekremer

edeekremer
  • Topic Starter

  • Members
  • 45 posts

Posted 06 November 2010 - 07:25 PM

OK, Revo got most of AVG out and Combo was able to run.

Below is the Combo log and the
ComboFix 10-11-03.04 - HP_Administrator 11/06/2010 16:33:28.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.435 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\etavares.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Panda Internet Security 2011 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator.HOME\Application Data\completescan
c:\documents and settings\HP_Administrator.HOME\Application Data\install
c:\documents and settings\HP_Administrator\delme.bat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-11-06 22:54 . 2007-10-11 11:20 24960 ----a-r- c:\windows\system32\drivers\ATWPKT2.SYS
2010-11-06 22:54 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-11-06 22:38 . 2010-11-06 22:42 -------- d-----w- C:\etavares
2010-11-06 21:57 . 2010-11-06 22:29 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-11-06 21:07 . 2009-12-30 18:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-11-06 21:07 . 2010-11-06 21:07 -------- d-----w- c:\program files\VS Revo Group
2010-11-04 22:45 . 2010-11-04 22:45 -------- d-----w- c:\program files\LSI SoftModem
2010-11-04 13:28 . 2010-09-06 09:26 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-11-03 22:13 . 2010-11-03 22:13 -------- d-----w- C:\TDSSKiller_Quarantine
2010-11-02 21:15 . 2010-11-02 21:24 125304 ----a-w- c:\windows\system32\drivers\dwprot.sys
2010-11-02 13:25 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-02 13:25 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-01 21:17 . 2010-11-01 23:53 -------- d-----w- c:\windows\system32\scripting
2010-11-01 21:17 . 2010-11-01 23:53 -------- d-----w- c:\windows\system32\en
2010-11-01 21:17 . 2010-11-01 23:53 -------- d-----w- c:\windows\system32\bits
2010-11-01 21:11 . 2007-08-11 04:46 33656 ----a-w- c:\windows\system32\sprecovr.exe
2010-11-01 21:02 . 2004-08-10 12:00 32768 ----a-w- c:\windows\system32\asr_pfu.exe
2010-11-01 21:01 . 2010-03-05 14:57 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-01 15:17 . 2010-11-06 21:48 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-11-01 15:10 . 2010-11-06 21:33 220312 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-11-01 15:10 . 2009-09-25 21:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-11-01 15:10 . 2009-09-25 21:54 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-11-01 15:10 . 2009-09-25 21:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-11-01 15:10 . 2010-02-19 02:31 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-11-01 15:10 . 2009-09-25 21:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-11-01 15:10 . 2009-09-25 21:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-11-01 15:10 . 2010-11-01 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2010-11-01 15:09 . 2007-03-16 02:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-11-01 15:09 . 2003-10-23 01:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-11-01 15:09 . 2009-10-06 19:33 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-11-01 15:09 . 2009-03-31 01:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-11-01 15:09 . 2009-03-31 01:22 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-11-01 15:09 . 2007-02-08 17:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-11-01 15:09 . 2009-03-31 01:22 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-11-01 15:09 . 2010-02-19 02:31 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-11-01 15:09 . 2010-03-24 19:55 55552 ----a-w- c:\windows\system32\avldr.dll
2010-11-01 15:09 . 2010-05-21 20:50 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-11-01 15:09 . 2010-11-01 15:09 -------- d-----w- c:\windows\system32\PAV
2010-11-01 15:07 . 2009-10-27 19:07 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-11-01 15:07 . 2010-11-01 15:07 -------- d-----w- c:\program files\Common Files\Panda Security
2010-11-01 15:07 . 2009-09-14 23:18 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-11-01 15:05 . 2010-11-01 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-11-01 13:25 . 2005-04-04 06:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-01 13:25 . 2005-04-04 06:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-01 13:25 . 2005-04-04 06:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-01 13:25 . 2005-04-04 06:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-01 13:25 . 2005-04-04 05:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-01 13:25 . 2010-11-01 13:25 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-01 13:25 . 2010-11-01 13:25 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-10-31 22:43 . 2010-10-31 22:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-31 22:43 . 2010-10-31 22:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 19:17 . 2008-04-14 00:12 7680 ----a-w- c:\windows\system32\spdwnwxp.exe
2010-10-31 17:49 . 2010-06-23 01:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-30 05:23 . 2010-10-30 05:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-10-29 15:33 . 2010-11-01 20:38 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-10-29 15:31 . 2010-10-29 15:33 -------- d-----w- C:\27a50a063a0423267713549d013703d4
2010-10-28 22:49 . 2010-10-28 22:49 -------- d-----w- C:\$AVG
2010-10-28 22:19 . 2010-10-28 22:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-10-28 22:14 . 2010-11-06 00:01 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-28 21:05 . 2010-10-28 21:05 76440 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-10-28 21:05 . 2010-10-28 21:05 -------- d-----w- c:\program files\Prevx
2010-10-28 21:05 . 2010-10-28 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-10-28 16:18 . 2010-10-22 23:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-10-28 16:18 . 2010-10-22 23:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-10-28 16:18 . 2005-12-08 22:52 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2010-10-28 16:18 . 2010-10-22 23:23 -------- d-sh--w- c:\documents and settings\Default User\PrivacIE
2010-10-28 16:18 . 2010-10-22 23:21 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-10-28 16:04 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-28 14:30 . 2010-11-04 22:43 -------- d-sh--r- c:\windows\system32\dllcache
2010-10-27 11:49 . 2010-10-29 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-10-26 02:06 . 2010-11-01 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-10-26 02:06 . 2010-11-01 15:11 -------- d-----w- c:\program files\Panda Security
2010-10-25 19:52 . 2010-10-28 14:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-25 19:52 . 2010-10-28 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-24 23:51 . 2010-10-24 23:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-10-23 14:03 . 2010-10-23 14:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-22 23:31 . 2010-10-22 23:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
2010-10-22 23:23 . 2010-10-22 23:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-10-22 23:21 . 2010-10-22 23:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-10-22 21:27 . 2010-10-23 04:48 -------- d-----w- c:\program files\Spyware Doctor
2010-10-21 14:59 . 2010-10-28 22:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-21 14:56 . 2010-11-06 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-21 14:55 . 2010-10-26 00:29 -------- d-----w- c:\program files\AVG
2010-10-21 14:48 . 2010-10-21 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-21 04:19 . 2010-10-26 00:36 -------- d-----w- c:\program files\Sophos
2010-10-21 03:56 . 2010-10-21 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-21 03:56 . 2010-11-02 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 01:04 . 2010-10-21 01:04 -------- d-----w- c:\program files\Enigma Software Group
2010-10-21 00:00 . 2010-10-21 00:00 -------- d-----w- c:\program files\SymNetDrv
2010-10-20 23:40 . 2010-11-06 23:48 -------- d-----w- c:\documents and settings\HP_Administrator
2010-10-20 22:16 . 2010-10-20 22:16 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-10-20 16:30 . 2010-10-20 16:30 0 ----a-w- c:\windows\Tlegacirojikeh.bin
2010-10-20 16:28 . 2010-10-24 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WSTB

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 23:27 . 2010-09-13 23:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 10:49 . 2010-09-07 10:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 10:48 . 2010-09-07 10:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 10:48 . 2010-09-07 10:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 10:48 . 2010-09-07 10:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-20 04:42 . 2010-08-20 04:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-20 04:42 . 2010-08-20 04:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 04:42 . 2010-08-20 04:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]
"PCDrProfiler"="" [BU]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" [2010-08-26 988480]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2011\Inicio.exe" [2010-06-11 68928]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 19:55 55552 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-09-27 07:43 1060864 ----a-w- c:\program files\DISC\DISCover.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6924:TCP"= 6924:TCP:spport
"27547:TCP"= 27547:TCP:spport
"16198:TCP"= 16198:TCP:spport
"29679:TCP"= 29679:TCP:spport

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 26064]
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [11/2/2010 2:15 PM 125304]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/31/2010 10:49 AM 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [11/1/2010 8:10 AM 76296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 298448]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [11/1/2010 8:10 AM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [11/1/2010 8:10 AM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [11/1/2010 8:10 AM 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [11/1/2010 8:10 AM 159112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [11/1/2010 8:07 AM 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [11/1/2010 8:10 AM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [11/1/2010 8:09 AM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [11/1/2010 8:07 AM 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2011\psksvc.exe [11/1/2010 8:10 AM 28992]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 26192]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [11/1/2010 8:09 AM 199688]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [11/1/2010 8:17 AM 13880]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/6/2010 2:07 PM 27064]
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-10-28 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]

2010-11-05 c:\windows\Tasks\ParetoLogic Privacy Controls_{079B0239-1D54-11DF-ADB6-00038A000015}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

2010-11-06 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-10-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2010-10-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-10-24 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-10-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-02-23 23:20]

2010-11-06 c:\windows\Tasks\Registry Reviver-HP_Administrator-Startup.job
- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2010-02-02 00:39]

2010-10-21 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\schedule.exe [2010-10-21 03:06]

2010-11-06 c:\windows\Tasks\User_Feed_Synchronization-{E0DCC59F-35AE-42BA-B0ED-820E395F136E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: trymedia.com
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-URLLSTCK - c:\program files\Norton Internet Security\UrlLstCk.exe
AddRemove-BtcMaestro - c:\windows\system32\KmRemove.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avldr.dll
.
Completion time: 2010-11-06 17:06:36
ComboFix-quarantined-files.txt 2010-11-07 00:06
ComboFix2.txt 2010-10-25 00:46
ComboFix3.txt 2010-07-16 21:38

Pre-Run: 73,581,076,480 bytes free
Post-Run: 73,750,974,464 bytes free

- - End Of File - - 71E7D21F682867F5FE0C7BBFB63865FC


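A worked triage of the "Reg Loading Points" part of the ComboFix log above, added here as an example; it is not code from this thread, from ComboFix or from OTL. It parses the bracketed registry sections and flags the things a responder reads first: Run values with no name or no command, Run values that name a bare executable resolved through the search path, Winlogon notify packages outside an assumed Windows XP baseline (the KNOWN_NOTIFY set is this example's assumption, not a ComboFix rule), the firewall profile being switched off, and globally opened ports, with a note when several share one label. The sample log is constructed from the format of the log above and trimmed; a hit means "look at this", not "this is malware".

```python
"""Triage of the "Reg Loading Points" section of a ComboFix log.

Added example: not code from this thread, from ComboFix or from OTL.
SAMPLE_LOG is constructed in the posted log's format (trimmed); the
heuristics and the KNOWN_NOTIFY baseline are this example's assumptions.
"""
import re

# Constructed sample in the posted log's format (not the full log).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ehTray"="c:\\windows\\ehome\\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"PCDrProfiler"="" [BU]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\avldr]
2010-03-24 19:55 55552 ----a-w- c:\\windows\\system32\\avldr.dll

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"6924:TCP"= 6924:TCP:spport
"27547:TCP"= 27547:TCP:spport
"16198:TCP"= 16198:TCP:spport
"29679:TCP"= 29679:TCP:spport
"""

# Winlogon notify packages that ship with Windows XP (assumed baseline;
# add the security products you know are installed on the machine).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "dimsntfy", "scecli",
                "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<data>[^"\[]*)"?')
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\(?P<pkg>[^\\]+)$")


def parse_sections(text):
    """Map each [registry key] header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def _values(lines):
    for line in lines:  # yield (name, data, raw line) for "name"=data lines
        m = VALUE_RE.match(line)
        if m:
            yield m.group("name"), m.group("data").strip(), line


def triage(text):
    """Return (category, detail) findings in log order."""
    findings = []
    for key, lines in parse_sections(text).items():
        lk = key.lower()
        if lk.endswith("\\currentversion\\run"):
            for name, data, line in _values(lines):
                if not name or not data:
                    # Nameless or commandless Run value: leftover or hijack slot.
                    findings.append(("run-entry-empty", line))
                elif "\\" not in data:
                    # Bare image name is resolved through the search path, so a
                    # planted file with the same name would run instead.
                    findings.append(("run-entry-unqualified-path", line))
        elif NOTIFY_RE.search(lk):
            pkg = NOTIFY_RE.search(lk).group("pkg")
            if pkg not in KNOWN_NOTIFY:
                # Notify DLLs load into winlogon.exe as SYSTEM, a favourite
                # persistence spot, so anything off the baseline gets reviewed.
                findings.append(("winlogon-notify-unknown", pkg + ": " + " ".join(lines)))
        elif lk.endswith("\\firewallpolicy\\standardprofile"):
            for name, data, line in _values(lines):
                if name.lower() == "enablefirewall" and data.startswith("0"):
                    findings.append(("firewall-disabled", line))
        elif lk.endswith("\\globallyopenports\\list"):
            by_label = {}
            for name, data, line in _values(lines):
                port, proto, label = data.split(":", 2)
                findings.append(("open-port", f"{port}/{proto} {label}"))
                by_label.setdefault(label, []).append(port)
            for label, ports in by_label.items():
                if len(ports) > 1:
                    # Several high ports under one generic label: find out which
                    # process listens on them before deciding anything.
                    findings.append(("open-port-cluster",
                                     f"{label}: {len(ports)} ports ({', '.join(ports)})"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28} {detail}")
```

Run it against a real ComboFix log by reading the file and passing its text to triage(); the section matching is by key suffix, so it tolerates the HKLM\~ abbreviations ComboFix uses. Treat every finding as a prompt to check the file on disk (signature, hash, vendor) rather than as a verdict.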
#12 etavares (Bleepin' Remover)
Malware Response Team, 15,514 posts

Posted 07 November 2010 - 06:41 AM

Hello, edeekremer.


How is it running now?

Step 1

We need to run an OTL script.
  • Please download OTL from one of the following mirrors if you do not already have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    :files
    c:\windows\Tlegacirojikeh.bin
    :OTL
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\qagentrt.dll -- (napagent)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\kmsvc.dll -- (hkmsvc)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (Dot3svc)
    O3 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [PCDrProfiler] File not found
    O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll File not found
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B89AFF6
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AE39AFC
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C69BB04
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3939CF5F
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C2A22D4
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
    @Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8396B0AE
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60
    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0D493D85
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09B77012
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F556E2EB
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D77ADBDB
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7F8B6E9
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BFE8B22
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E5C6753
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFC8A5FD
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9B2EAA1
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C37603F5
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AA65D92
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:105C8D3E
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C6D2EC3
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F601A52A
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AC59DDD
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3ED71AF9
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFDE872C
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74F3CA70
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C446484
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7D48A89
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE9AD6CC
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A7C726F
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:712DCF50
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:442EBDC5
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:081F773D
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1CD4718
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:99C1A08E
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8EC55520
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3550534F
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E943D067
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BA31186
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00B3A28E
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41289DF0
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B653AA4
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:882AB8F8
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:132E98A6
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A87B4345
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE8F70B0
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22A44AC3
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:653372DD
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:47920A31
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9176C0
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6D549BCC
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B181B84
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45742361
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA031481
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E50C1642
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A69FD649
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B84BE2FE
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6205760E
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BCFEBC21
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done; please post that in your reply.
  • Please then create a new OTL report:
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • A report will open; copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#13 edeekremer (Topic Starter)
Members, 45 posts

Posted 07 November 2010 - 09:08 AM

OK, here are the two reports.

========== FILES ==========
c:\windows\Tlegacirojikeh.bin moved successfully.
========== OTL ==========
Service napagent stopped successfully!
Service napagent deleted successfully!
File C:\WINDOWS\System32\qagentrt.dll not found.
Service hkmsvc stopped successfully!
Service hkmsvc deleted successfully!
File C:\WINDOWS\System32\kmsvc.dll not found.
Service EapHost stopped successfully!
Service EapHost deleted successfully!
File C:\WINDOWS\System32\eapsvc.dll not found.
Service Dot3svc stopped successfully!
Service Dot3svc deleted successfully!
File C:\WINDOWS\System32\dot3svc.dll not found.
Registry value HKEY_USERS\S-1-5-21-2768739876-1444729851-3462671595-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5B89AFF6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3F9A3DFF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2AE39AFC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C69BB04 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3939CF5F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:090FB735 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:729F0E7F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0C2A22D4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8396B0AE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AE498D0C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9F222B60 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0D493D85 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26B71D30 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:09B77012 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F556E2EB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D77ADBDB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A7F8B6E9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4BFE8B22 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E5C6753 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CFC8A5FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C9B2EAA1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C37603F5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1C4D3509 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AA65D92 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:105C8D3E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8C6D2EC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F601A52A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9AC59DDD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3ED71AF9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFDE872C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F00E008B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:74F3CA70 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C446484 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7D48A89 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EE9AD6CC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7A7C726F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:712DCF50 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:442EBDC5 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:081F773D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F1CD4718 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:99C1A08E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8EC55520 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3550534F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E943D067 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BA31186 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:00B3A28E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:41289DF0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B653AA4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:882AB8F8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:132E98A6 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A87B4345 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CE8F70B0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F0614F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:22A44AC3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:653372DD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:47920A31 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B9176C0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6D549BCC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6B181B84 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:45742361 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EA031481 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E50C1642 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A69FD649 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B84BE2FE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6205760E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BCFEBC21 deleted successfully.

OTL by OldTimer - Version 3.2.17.2 log created on 11072010_051124
The second report is too long to post, so I have attached it.
No, it says it is too big to upload, so let me know how to zip it, or I can cut it into chunks and post them.
Thank you for all your help.
elmer
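A check a responder wants after a fix like the one above: does every item in the OTL script (post #12) have a matching result line in the log OTL produced (post #13)? The following is an added example, not code from this thread or from OTL. It parses the :files / :OTL script, then for each item reports whether the log says it was actioned ("moved successfully" / "deleted successfully"), was already absent ("not found"), or produced no result line at all, which is the case that needs a second look. The two samples are constructed in the format of the script and log above and trimmed; the matching by substring is this example's own heuristic, and the empty-name O4 item is handled as an edge case because an empty identifier would match every line.

```python
"""Reconcile an OTL fix script against the log OTL writes after running it.

Added example: not code from this thread or from OTL. Both samples are
constructed in the format of the script and log above (trimmed); the
substring matching and the status names are this example's own choices.
"""
import re

FIX_SCRIPT = """\
:files
c:\\windows\\Tlegacirojikeh.bin
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\\WINDOWS\\System32\\qagentrt.dll -- (napagent)
O4 - HKLM..\\Run: [] File not found
O4 - HKLM..\\Run: [PCDrProfiler] File not found
O20 - Winlogon\\Notify\\dimsntfy: DllName - %SystemRoot%\\System32\\dimsntfy.dll - C:\\WINDOWS\\System32\\dimsntfy.dll File not found
@Alternate Data Stream - 99 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:5B89AFF6
@Alternate Data Stream - 147 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\TEMP:3F9A3DFF
"""

FIX_LOG = """\
========== FILES ==========
c:\\windows\\Tlegacirojikeh.bin moved successfully.
========== OTL ==========
Service napagent stopped successfully!
Service napagent deleted successfully!
File C:\\WINDOWS\\System32\\qagentrt.dll not found.
Registry value HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\ not found.
Registry value HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\\\PCDrProfiler deleted successfully.
Registry key HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\dimsntfy\\ deleted successfully.
ADS C:\\Documents and Settings\\All Users\\Application Data\\TEMP:5B89AFF6 deleted successfully.
"""

# One regex per OTL line type handled here; the "id" group is the identifier
# looked for in the result log.
ITEM_RES = (
    ("service", re.compile(r"^SRV - .* -- \((?P<id>[^)]+)\)\s*$")),
    ("run", re.compile(r"^O4 - .*?: \[(?P<id>[^\]]*)\]")),
    ("notify", re.compile(r"^O20 - Winlogon\\Notify\\(?P<id>[^:]+):")),
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<id>.+)$")),
)


def parse_fix_script(script):
    """Return (kind, identifier) for every actionable line of the script."""
    items, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            items.append(("file", line))
        elif section == "otl":
            for kind, rx in ITEM_RES:
                m = rx.match(line)
                if m:
                    items.append((kind, m.group("id")))
                    break
            else:
                items.append(("other", line))
    return items


def reconcile(script, log):
    """Map each script item to actioned / absent / no-result / unmatchable."""
    log_lines = [l.strip() for l in log.splitlines()
                 if l.strip() and not l.startswith("=")]
    results = {}
    for kind, ident in parse_fix_script(script):
        if not ident:
            # An empty identifier (the nameless Run value) would match every
            # line, so it cannot be reconciled by substring search.
            results[(kind, ident)] = "unmatchable"
            continue
        hits = [l for l in log_lines if ident.lower() in l.lower()]
        if any("successfully" in h for h in hits):
            status = "actioned"
        elif any("not found" in h for h in hits):
            status = "absent"
        else:
            status = "no-result"  # script asked for it, log says nothing
        results[(kind, ident)] = status
    return results


if __name__ == "__main__":
    for (kind, ident), status in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {kind:8} {ident}")
```

In the constructed sample the second ADS entry deliberately has no result line, so it comes back as no-result; on a real run that is the item to re-scan for, since OTL's own log only lists what it touched.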

#14 etavares (Bleepin' Remover)
Malware Response Team, 15,514 posts

Posted 07 November 2010 - 09:23 AM

Please let me know how your computer is running.

For that second log, please break it up into multiple posts if you have to.




#15 edeekremer (Topic Starter)
Members, 45 posts

Posted 07 November 2010 - 09:34 AM

As far as how the computer is running, it is doing better. I will try IE8 here in a minute; that is where I get the hijack and pop-up alerts more. Here is the first part of the 2nd log.

OTL logfile created on: 11/7/2010 5:36:16 AM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 314.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.53 Gb Total Space | 68.72 Gb Free Space | 48.90% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.13 Gb Free Space | 13.28% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/04 18:46:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\OTL.exe
PRC - [2010/10/31 10:06:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/06 16:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/29 00:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
PRC - [2010/09/13 00:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
PRC - [2010/08/26 02:52:15 | 000,988,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\ApVxdWin.exe
PRC - [2010/08/16 04:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\psksvc.exe
PRC - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
PRC - [2010/05/28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
PRC - [2010/04/22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\WebProxy.exe
PRC - [2010/02/23 11:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
PRC - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2011\FIREWALL\PSHost.exe
PRC - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrlS.exe
PRC - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/06/27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\SrvLoad.exe
PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2005/09/26 23:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/09/21 09:41:10 | 001,605,740 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/08/02 23:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/02/21 12:53:24 | 000,245,760 | ---- | M] (BTC) -- C:\Program Files\HP Wireless Keyboard\Kmaestro.exe
PRC - [2004/12/14 11:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/04 18:46:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Desktop\OTL.exe
MOD - [2009/08/10 12:45:54 | 000,095,488 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavOEpl.dll
MOD - [2009/03/30 17:22:58 | 000,518,400 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2007/02/08 09:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2004/08/10 11:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2004/06/15 14:32:12 | 000,018,476 | ---- | M] (BTC) -- C:\Program Files\HP Wireless Keyboard\HidKeybd.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/29 00:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe -- (TPSrv)
SRV - [2010/09/13 00:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 04:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2005/08/02 23:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/09/29 19:14:36 | 000,069,632 | ---- | M] (HP) [Boot | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1.000\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - [2010/11/07 05:35:05 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2010/11/02 13:24:18 | 000,125,304 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dwprot.sys -- (DwProt)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/06/22 17:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 12:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2010/05/10 10:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 18:31:20 | 000,199,688 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1642.sys -- (NETIMFLT01060042)
DRV - [2010/02/18 18:31:18 | 000,076,296 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/02/17 10:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/30 10:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/27 11:07:42 | 000,037,896 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2009/09/25 13:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 13:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 13:54:04 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/09/25 13:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 13:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/09/14 15:18:22 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/03/09 04:03:24 | 000,121,984 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/10/18 12:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/08/13 21:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/03 23:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 00:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 13:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/01/08 00:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 14:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2003/01/10 13:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 10:06:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 14:43:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2005/12/08 14:39:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/10/28 08:24:35 | 000,000,000 | ---D | M]

[2010/10/28 08:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Mozilla\Extensions
[2010/10/28 08:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Application Data\Mozilla\Firefox\Profiles\ieiyz0x4.default\extensions
[2010/11/06 14:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/31 14:43:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/31 14:42:59 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/10/20 07:33:42 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2010/11/06 15:50:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP Wireless Keyboard\KMaestro.exe (BTC)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe (Panda Security, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2768739876-1444729851-3462671595-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.228.160.6 216.228.160.7 216.228.160.8 216.228.160.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1



