
Win32 Errors and Firefox Redirects, Also freezes sometimes =/


This topic is locked
14 replies to this topic

#1 Idiot Operator

Idiot Operator

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:46 PM

Posted 20 December 2010 - 11:18 AM

Well, this is my 1st post and I don't really know where to start, so hey all =D

So as of about 2 weeks ago, my computer (Windows XP SP3) was infected with all sorts of nasty things and I have no idea what's going on. I'm going to list everything that's wrong with it:

  • Casual Win32 errors and SVC.exe that ask me to Send Report or Don't Send (PC freezes either way after choosing an option)
  • My Firefox redirects a lot of my Google searches to random things and a lot of Walmart $1000 pages
  • When rebooting, my computer stalls after trying to log back in, forcing me to force shut and restart again
  • Comp freezes usually after using Start > Turn Off Comp
  • This one is really weird: I CAN NOT get to the Windows Update website at ALL to manually install updates, because automatic updates is not working either >_<
  • Sometimes I can't manually turn off my wireless internet from the task bar, and then it sometimes freezes when I try

I seem to have a lot of infections I found on this forum on just this 1 computer haha, but so far the only things I've done to try to clean my PC is use CCleaner in safe mode, and I have Malwarebytes and SUPERAntiSpyware that haven't detected anything at all. I was also recommended to try out ComboFix, but it ran into a problem with my free AVG and so I had to delete that, and now that it's gone ComboFix tells me I still have AVG installed even though it's not, so I deleted ComboFix too.

After not finding anything, I discovered Windows Live Virus Scan on their website (but I can't get to Microsoft updates at all from their website?? It just doesn't even load when I click it). This virus scanner told me I had some virus called Win32/Afcore and proceeded to try and clean it, but after a day, the virus I assumed was back, and probably a different one.


Well, I cant think of anything more to add, that pretty much sums it all up. Sooo where do I start? Haha and I'm not really too computer savvy, but I can follow instructions pretty well.
Any help would be super appreciated >_< and hope you guys are having a great day.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:46:03 PM, on 12/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8988 bytes

Edited by Idiot Operator, 20 December 2010 - 06:02 PM.
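The entries a helper would zero in on in that log are the proxy pointed at a local port (which is what pushes browser traffic through a local redirector), the HOSTS entries, any driver that is registered but missing on disk, and toolbars with no CLSID. Here is an added triage script, my own example and not a BleepingComputer, HijackThis or OTL tool, that flags those line types; the sample lines are copied from the HijackThis and OTL logs posted in this thread, and the random-name heuristic is an assumption.

```python
"""Triage helper for HijackThis / OTL log lines (added example, not a tool
from the thread). It flags the entry types a malware-removal helper looks for:
a proxy aimed at a local port, HOSTS entries that sink real domain names,
drivers registered but missing on disk, toolbars with no CLSID, and Run
entries whose target is gone. The random-name heuristic is an assumption.
"""
import re

# Constructed sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tgxhmvma.sys -- (tgxhmvma)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""


def is_loopback(host):
    """True for addresses/names that resolve to the local machine."""
    return host.startswith("127.") or host in ("localhost", "0.0.0.0", "::1")


def is_random_name(name):
    """Heuristic (assumption): a lowercase, letters-only, vowel-poor service
    name such as 'tgxhmvma' looks generated rather than chosen by a vendor."""
    if len(name) < 7 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    return vowels / len(name) < 0.25


def triage_line(line):
    """Return (severity, reason) for a suspicious log line, else None."""
    line = line.strip()

    # IE proxy handed to a listener on the local machine: all browser traffic
    # is routed through whatever process owns that port.
    m = re.search(r"Internet Settings,ProxyServer = (?:http=)?([^:\s]+):(\d+)", line)
    if m and is_loopback(m.group(1)):
        return ("high", f"IE proxy set to local port {m.group(2)}")

    # Same setting in Firefox prefs.js, which OTL prints one pref per line.
    m = re.search(r'network\.proxy\.http: "([^"]+)"', line)
    if m and is_loopback(m.group(1)):
        return ("high", "Firefox HTTP proxy set to loopback address")

    # HOSTS entries that sink real names to loopback. These may be a deliberate
    # blocklist or malware keeping the machine away from update/AV sites, so
    # they get a human look rather than an automatic verdict.
    m = re.match(r"O1 - Hosts: (\S+) (\S+)$", line)
    if m and not is_loopback(m.group(2)):
        return ("review", f"HOSTS maps {m.group(2)} to {m.group(1)}")

    # A driver the service database still references but that is gone from disk.
    m = re.match(r"DRV - File not found .*? -- (\S+\.sys) -- \((\w+)\)", line)
    if m:
        if is_random_name(m.group(2)):
            return ("high", f"missing driver with random-looking name {m.group(2)}")
        return ("review", f"missing driver {m.group(2)}")

    if "Toolbar: (no name)" in line and "No CLSID" in line:
        return ("review", "toolbar entry with no name and no CLSID")

    if line.startswith("O4") and line.endswith("File not found"):
        return ("low", "Run entry points at a missing file")

    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(severity, reason, line), ...]."""
    findings = []
    for raw in log_text.splitlines():
        hit = triage_line(raw)
        if hit:
            findings.append((hit[0], hit[1], raw.strip()))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

The sample produces three high findings (IE proxy, Firefox proxy, the tgxhmvma driver), two for review and one low; a fresh log is checked by passing its text to triage().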




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:46 PM

Posted 30 December 2010 - 06:20 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:46 PM

Posted 08 January 2011 - 06:24 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:46 PM

Posted 09 January 2011 - 10:38 AM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Idiot Operator

Idiot Operator
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:46 PM

Posted 09 January 2011 - 10:50 AM

Well, I'm still having Win32 errors, svchost process errors (0x7c923845 at 0x00000000) and Google redirects. I also can't connect to Windows Update, and cannot manually access Microsoft's website.

When I get the Win32 errors AND svchost errors, if I choose Send Report, Don't Send, or Debug, my computer ends up becoming unresponsive.

Here are those logs:

OTL:
OTL logfile created on: 1/9/2011 10:37:06 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.52 Gb Total Space | 159.90 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.42 Gb Free Space | 4.92% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/09 10:35:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
PRC - [2010/12/11 12:31:14 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/22 11:29:41 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/15 15:33:40 | 010,358,072 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/06/10 20:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/03 12:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/03/07 16:28:48 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/02/21 16:59:00 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/02/21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/11/08 16:51:54 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
PRC - [2005/11/01 12:01:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe


========== Modules (SafeList) ==========

MOD - [2011/01/09 10:35:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2005/12/14 16:51:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/12/14 16:51:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/02/21 16:58:34 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2005/11/08 16:51:54 | 000,180,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe -- (ELService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\tgxhmvma.sys -- (tgxhmvma)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20101113.002\symidsco.sys -- (SYMIDSCO)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 09:30:28 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/05/25 15:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/02/21 16:44:30 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/01/13 19:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/14 16:51:00 | 003,580,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 13:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 13:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 13:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/11/08 16:51:40 | 000,007,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
DRV - [2005/11/08 16:51:38 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmon.sys -- (ELmon)
DRV - [2005/11/08 16:51:22 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELkbd.sys -- (ELkbd)
DRV - [2005/11/08 16:51:20 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELmou.sys -- (ELmou)
DRV - [2005/11/08 16:51:18 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ELhid.sys -- (ELhid)
DRV - [2005/10/05 12:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wn5301.sys -- (WN5301)
DRV - [2005/07/28 20:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/06/29 19:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 09:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/12 07:39:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 12:31:24 | 000,000,000 | ---D | M]

[2010/07/16 11:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions
[2010/07/16 11:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/08 22:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\h9es4gj5.default\extensions
[2010/11/28 00:15:43 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\h9es4gj5.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/11/28 00:16:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\h9es4gj5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/25 12:05:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\h9es4gj5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/28 00:16:35 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\h9es4gj5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/10/23 21:06:59 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\h9es4gj5.default\extensions\vshare@toolbar
[2011/01/08 22:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/01/07 10:15:32 | 000,001,003 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O1 - Hosts: 127.0.0.1 coo0lnet.net
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-3233919454-1843399440-878560322-1008..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-3233919454-1843399440-878560322-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\MCX1\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3233919454-1843399440-878560322-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 16:40:33 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 10:35:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2011/01/04 19:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/12/30 20:48:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Recent
[2010/12/29 09:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\ssthvratr
[2010/12/24 18:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/12/24 18:15:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/12/22 13:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/12/20 16:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/20 16:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Start Menu\Programs\HiJackThis
[2010/12/20 10:04:47 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/14 10:06:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/12 11:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/12/12 08:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
[2010/12/12 08:49:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/12 08:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/12 08:49:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/12 08:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/11 12:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com
[2010/12/11 12:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/11 12:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2010/12/11 12:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/11 05:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\AVG10
[2010/12/11 05:51:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/11 05:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/11 04:17:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/09 10:35:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\OTL.exe
[2011/01/09 08:49:13 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/01/09 08:48:40 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/08 23:46:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/08 23:46:49 | 3756,478,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/08 19:06:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/08 18:55:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/31 01:00:27 | 000,381,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Quartz-3.0.4.zip
[2010/12/31 00:59:23 | 001,993,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\AtlasLoot-v6.01.02.zip
[2010/12/30 22:44:28 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/30 17:01:18 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HiJackThis.lnk
[2010/12/16 17:06:27 | 133,049,633 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\The_Game_-_LAX_RED_Edition-(DatPiff.com).zip
[2010/12/16 16:56:31 | 085,414,721 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\No_Genre-(DatPiff.com).zip
[2010/12/12 16:01:16 | 000,140,882 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2010/12/12 15:57:42 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/12/12 08:41:15 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/12/11 04:46:03 | 000,014,739 | ---- | M] () -- C:\WINDOWS\System32\12543.js
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/31 01:00:27 | 000,381,280 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\Quartz-3.0.4.zip
[2010/12/31 00:59:26 | 001,993,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\AtlasLoot-v6.01.02.zip
[2010/12/30 22:24:45 | 3756,478,464 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/20 16:36:56 | 000,002,501 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\HiJackThis.lnk
[2010/12/16 16:11:56 | 085,414,721 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\No_Genre-(DatPiff.com).zip
[2010/12/16 16:10:46 | 133,049,633 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\The_Game_-_LAX_RED_Edition-(DatPiff.com).zip
[2010/12/12 19:39:28 | 000,001,750 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\avgrep.txt
[2010/12/12 15:57:42 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/12/12 15:50:38 | 000,140,951 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2010/12/12 15:50:38 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2010/12/12 15:49:45 | 000,506,560 | ---- | C] () -- C:\WINDOWS\System32\autorun.inf
[2010/11/25 12:01:31 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\start
[2010/11/25 12:00:25 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\completescan
[2010/11/25 11:28:49 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\install
[2010/03/09 02:49:21 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 11:09:17 | 000,146,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2010/02/19 11:09:08 | 000,002,227 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\HPSU_48BitScanUpdate.log
[2010/02/19 10:52:49 | 000,033,493 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/09/22 10:50:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVM.INI
[2009/06/18 08:02:45 | 000,000,081 | ---- | C] () -- C:\WINDOWS\XBIZCARD.INI
[2008/12/15 21:05:11 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/11 20:38:37 | 000,019,593 | ---- | C] () -- C:\Program Files\Common Files\ymirovafe.db
[2008/11/11 20:38:37 | 000,014,925 | ---- | C] () -- C:\Program Files\Common Files\zogyjaro._sy
[2008/11/11 20:38:37 | 000,014,577 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxun.com
[2008/11/11 20:38:37 | 000,010,292 | ---- | C] () -- C:\Program Files\Common Files\napum._dl
[2008/11/11 19:44:25 | 000,014,855 | ---- | C] () -- C:\Program Files\Common Files\ynuwuhego.sys
[2008/11/11 09:26:12 | 000,018,778 | ---- | C] () -- C:\WINDOWS\xawopefuha.sys
[2008/11/11 09:26:12 | 000,015,428 | ---- | C] () -- C:\WINDOWS\urakaxybyl.dll
[2008/11/11 09:26:12 | 000,014,060 | ---- | C] () -- C:\Program Files\Common Files\tywy.dat
[2008/11/11 09:26:12 | 000,013,675 | ---- | C] () -- C:\Program Files\Common Files\xivibebe.ban
[2008/11/11 09:26:12 | 000,013,461 | ---- | C] () -- C:\Program Files\Common Files\ajybicata.exe
[2008/11/11 09:26:12 | 000,013,231 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\amaxavowi.inf
[2008/11/11 09:26:12 | 000,012,038 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mufadibupi.bin
[2008/11/11 09:26:12 | 000,011,903 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aletipy.exe
[2008/11/10 18:49:11 | 000,016,386 | ---- | C] () -- C:\Program Files\Common Files\ozakyqux.lib
[2008/11/10 18:49:11 | 000,015,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bosedori.inf
[2008/11/10 18:49:11 | 000,015,276 | ---- | C] () -- C:\Program Files\Common Files\renipanuw._dl
[2008/11/10 18:49:11 | 000,012,716 | ---- | C] () -- C:\Program Files\Common Files\gigozomid.scr
[2008/11/10 18:49:11 | 000,012,192 | ---- | C] () -- C:\Program Files\Common Files\bumumyji.lib
[2008/11/10 18:49:11 | 000,010,840 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\unan._sy
[2008/11/09 22:23:08 | 000,019,076 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yxadowe.vbs
[2008/11/09 22:23:08 | 000,017,079 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\omyh.inf
[2008/11/09 22:23:08 | 000,017,017 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kidadif.dat
[2008/11/09 22:23:08 | 000,015,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hopule.com
[2008/11/09 22:23:08 | 000,011,350 | ---- | C] () -- C:\Program Files\Common Files\eqiqusa.reg
[2007/09/05 22:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/05/29 14:13:06 | 000,000,039 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2006/12/10 14:32:01 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2006/11/05 02:21:31 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/10/14 08:10:01 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/10/14 08:09:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/18 18:50:34 | 000,000,208 | ---- | C] () -- C:\WINDOWS\POD.INI
[2006/09/18 18:49:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/09/13 15:47:35 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Aurora MPEG To DVD.INI
[2006/08/28 17:03:32 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/01 10:28:47 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/07/08 13:47:33 | 000,000,571 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/06/20 15:37:30 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/07 17:09:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 16:46:15 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 16:42:55 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 16:42:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 16:40:54 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 16:38:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 16:30:30 | 000,000,165 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 16:29:24 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 16:18:40 | 000,004,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 16:17:51 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 16:15:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/03/07 16:14:46 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/07 16:14:46 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/07 16:14:46 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/07 16:14:46 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/07 16:14:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/07 16:13:34 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 15:54:39 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 15:54:39 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 15:54:23 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/01/01 03:49:12 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat
[2005/12/09 16:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/30 23:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/06 00:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/07/26 09:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/12/12 07:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG10
[2009/03/10 14:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008/11/12 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/02/20 16:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/14 10:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/11/18 12:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/11 05:51:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/03/07 16:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/11/16 20:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/08/10 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hello Kitty Snapshots
[2010/08/10 14:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HelloKittySnapshots
[2006/07/02 10:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jump Hide Kind Road
[2010/12/11 05:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/12/30 09:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2006/08/01 10:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2006/10/05 09:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2007/01/14 15:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/03/12 06:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2006/07/01 18:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2007/05/28 01:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/11/18 04:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 18:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/06/15 15:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/08/25 03:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/25 23:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/11/21 06:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/05/03 07:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/01/31 11:57:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/09/15 12:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/09 16:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/07/06 18:15:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/11/16 20:47:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2009/03/10 14:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2009/03/10 14:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Douches\Application Data\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2008/10/10 04:31:59 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
[2008/10/10 04:31:59 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
[2008/08/11 14:42:52 | 000,000,000 | ---D | M](C:\Program Files\??stem) -- C:\Program Files\ѕуstem
[2008/08/11 14:42:52 | 000,000,000 | ---D | M](C:\Program Files\??stem) -- C:\Program Files\ѕуstem
[2008/08/05 19:21:30 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem32) -- C:\Program Files\Common Files\sуstem32
[2008/08/05 19:21:30 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem32) -- C:\Program Files\Common Files\sуstem32
[2008/08/03 13:54:33 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??stem32) -- C:\Documents and Settings\HP_Administrator\Application Data\ѕуstem32
[2008/07/12 13:56:06 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Міcrosoft.NET
[2008/07/12 13:56:05 | 000,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2008/07/12 13:56:05 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
[2008/07/12 13:56:05 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
[2008/07/07 19:44:31 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft.NET) -- C:\WINDOWS\Міcrosoft.NET
[2008/07/02 02:56:27 | 000,000,000 | ---D | M](C:\Program Files\Common Files\A?pPatch) -- C:\Program Files\Common Files\AрpPatch
[2008/07/02 02:56:27 | 000,000,000 | ---D | M](C:\Program Files\Common Files\A?pPatch) -- C:\Program Files\Common Files\AрpPatch
[2008/06/07 07:46:40 | 000,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2008/06/05 06:03:36 | 000,000,000 | ---D | M](C:\WINDOWS\??pPatch) -- C:\WINDOWS\АрpPatch
[2008/06/05 06:03:36 | 000,000,000 | ---D | C](C:\WINDOWS\??pPatch) -- C:\WINDOWS\АрpPatch
[2008/06/03 06:06:34 | 000,000,000 | ---D | M](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2008/06/03 06:06:34 | 000,000,000 | ---D | C](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2008/06/02 06:27:06 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
[2008/06/02 06:27:06 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
[2008/06/02 06:27:06 | 000,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2008/05/28 07:54:59 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?icrosoft) -- C:\Documents and Settings\HP_Administrator\Application Data\Μicrosoft
[2008/05/05 22:46:04 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2008/05/05 22:46:04 | 000,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2008/04/19 17:38:32 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?icrosoft) -- C:\Documents and Settings\HP_Administrator\Application Data\Мicrosoft
[2008/03/09 05:26:37 | 000,000,000 | ---D | M](C:\Program Files\s?mbols) -- C:\Program Files\sуmbols
[2008/03/09 05:26:37 | 000,000,000 | ---D | M](C:\Program Files\s?mbols) -- C:\Program Files\sуmbols
[2008/03/02 00:02:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
[2008/03/02 00:02:12 | 000,000,000 | ---D | M](C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
[2008/03/02 00:02:12 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
[2008/03/02 00:02:12 | 000,000,000 | ---D | M](C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
[2008/02/29 19:47:56 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2008/02/29 19:47:56 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2008/02/27 12:04:58 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??crosoft.NET) -- C:\Documents and Settings\HP_Administrator\Application Data\Μіcrosoft.NET
[2008/02/26 12:47:29 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\F?nts) -- C:\Documents and Settings\HP_Administrator\Application Data\Fοnts
[2008/02/22 13:47:05 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2008/02/22 13:47:05 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft) -- C:\WINDOWS\Mіcrosoft
[2008/02/16 09:12:38 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
[2008/02/16 09:12:38 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
[2007/12/14 17:16:55 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?ssembly) -- C:\Documents and Settings\HP_Administrator\Application Data\аssembly
[2007/11/29 22:32:45 | 000,000,000 | ---D | M](C:\Program Files\a?sembly) -- C:\Program Files\aѕsembly
[2007/11/29 22:32:45 | 000,000,000 | ---D | M](C:\Program Files\a?sembly) -- C:\Program Files\aѕsembly
[2007/11/28 22:30:29 | 000,000,000 | ---D | M](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
[2007/11/27 10:10:26 | 000,000,000 | ---D | C](C:\WINDOWS\?racle) -- C:\WINDOWS\Οracle
[2007/11/25 17:54:12 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??sembly) -- C:\Documents and Settings\HP_Administrator\Application Data\аѕsembly
[2007/11/25 08:43:52 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Тasks
[2007/11/25 08:43:52 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Тasks
[2007/11/21 22:47:47 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?dobe) -- C:\Documents and Settings\HP_Administrator\Application Data\Аdobe
[2007/11/15 17:34:30 | 000,000,000 | ---D | M](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2007/11/15 17:34:30 | 000,000,000 | ---D | C](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2007/11/06 23:45:22 | 000,000,000 | ---D | M](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2007/10/28 02:06:15 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?ymbols) -- C:\Documents and Settings\HP_Administrator\Application Data\ѕymbols
[2007/10/26 20:45:40 | 000,000,000 | ---D | C](C:\WINDOWS\S?mantec) -- C:\WINDOWS\Sуmantec
[2007/10/20 16:03:17 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2007/10/20 16:03:17 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2007/10/17 20:37:15 | 000,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
[2007/10/14 03:14:43 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
[2007/10/14 03:14:43 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
[2007/10/12 19:05:57 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Αdobe
[2007/10/12 19:05:57 | 000,000,000 | ---D | M](C:\Program Files\?dobe) -- C:\Program Files\Αdobe
[2007/10/11 18:56:38 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?ystem) -- C:\Documents and Settings\HP_Administrator\Application Data\ѕystem
[2007/10/09 17:50:01 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\W?nSxS) -- C:\Documents and Settings\HP_Administrator\Application Data\WіnSxS
[2007/10/07 15:39:55 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Μіcrosoft.NET
[2007/10/07 15:39:55 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Μіcrosoft.NET
[2007/10/06 17:36:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2007/10/06 17:36:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2007/10/03 09:49:50 | 000,000,000 | ---D | M](C:\WINDOWS\?dobe) -- C:\WINDOWS\Аdobe
[2007/10/03 08:24:48 | 000,000,000 | ---D | M](C:\WINDOWS\??mantec) -- C:\WINDOWS\Ѕуmantec
[2007/10/03 08:24:48 | 000,000,000 | ---D | C](C:\WINDOWS\??mantec) -- C:\WINDOWS\Ѕуmantec
[2007/09/28 19:48:55 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
[2007/09/28 19:48:55 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
[2007/09/28 19:48:55 | 000,000,000 | ---D | C](C:\WINDOWS\?dobe) -- C:\WINDOWS\Аdobe
[2007/09/26 21:30:34 | 000,000,000 | ---D | M](C:\Program Files\?ystem) -- C:\Program Files\ѕystem
[2007/09/26 21:30:34 | 000,000,000 | ---D | M](C:\Program Files\?ystem) -- C:\Program Files\ѕystem
[2007/09/14 14:46:30 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Τasks
[2007/09/14 14:46:30 | 000,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Τasks
[2007/08/31 17:34:00 | 000,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2007/08/31 17:34:00 | 000,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2007/06/28 23:34:42 | 000,000,000 | ---D | M](C:\WINDOWS\?ystem32) -- C:\WINDOWS\ѕystem32
[2007/06/28 23:34:42 | 000,000,000 | ---D | C](C:\WINDOWS\?ystem32) -- C:\WINDOWS\ѕystem32
[2007/06/18 08:48:51 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?ymantec) -- C:\Documents and Settings\HP_Administrator\Application Data\Ѕymantec
[2007/06/09 15:16:29 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
[2007/06/09 15:16:29 | 000,000,000 | ---D | M](C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
[2007/05/31 23:32:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2007/05/31 23:32:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2007/05/28 12:49:07 | 000,000,000 | ---D | M](C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
[2007/05/28 12:49:07 | 000,000,000 | ---D | M](C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
[2007/05/25 12:32:22 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\HP_Administrator\Application Data\Μicrosoft.NET
[2007/05/22 21:59:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
[2007/05/22 21:59:08 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
[2007/05/20 15:25:30 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
[2007/05/20 15:25:30 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
[2007/05/17 14:22:13 | 000,000,000 | ---D | M](C:\WINDOWS\??stem) -- C:\WINDOWS\ѕуstem
[2007/05/17 14:22:13 | 000,000,000 | ---D | C](C:\WINDOWS\??stem) -- C:\WINDOWS\ѕуstem
[2007/05/15 13:23:44 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
[2007/05/15 13:23:44 | 000,000,000 | ---D | M](C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
[2007/05/12 21:46:58 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??crosoft) -- C:\Documents and Settings\HP_Administrator\Application Data\Міcrosoft
[2007/05/05 21:12:23 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\M?crosoft.NET) -- C:\Documents and Settings\HP_Administrator\Application Data\Mіcrosoft.NET
[2007/04/28 14:09:21 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??pPatch) -- C:\Documents and Settings\HP_Administrator\Application Data\АрpPatch
[2007/04/24 18:23:56 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??mbols) -- C:\Documents and Settings\HP_Administrator\Application Data\ѕуmbols
[2007/04/22 11:10:15 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
[2007/04/22 11:10:15 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
[2007/04/07 02:45:16 | 000,000,000 | ---D | M](C:\WINDOWS\?ymbols) -- C:\WINDOWS\ѕymbols
[2007/03/22 03:50:56 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?ecurity) -- C:\Documents and Settings\HP_Administrator\Application Data\ѕecurity
[2007/03/20 09:28:13 | 000,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2007/03/19 06:51:33 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\M?crosoft) -- C:\Documents and Settings\HP_Administrator\Application Data\Mіcrosoft
[2007/03/15 06:32:19 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2007/03/15 06:32:19 | 000,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2007/02/23 08:34:13 | 000,000,000 | ---D | M](C:\WINDOWS\s?curity) -- C:\WINDOWS\sеcurity
[2007/02/23 08:34:13 | 000,000,000 | ---D | C](C:\WINDOWS\s?curity) -- C:\WINDOWS\sеcurity
[2007/02/12 21:47:16 | 000,000,000 | ---D | M](C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
[2007/02/12 21:47:16 | 000,000,000 | ---D | M](C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
[2007/02/08 21:08:31 | 000,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fοnts
[2007/01/24 22:23:05 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fоnts
[2007/01/24 22:23:05 | 000,000,000 | ---D | M](C:\Program Files\F?nts) -- C:\Program Files\Fоnts
[2007/01/23 22:11:43 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2007/01/23 22:11:43 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2007/01/11 18:51:15 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
[2007/01/11 18:51:15 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
[2007/01/10 18:02:58 | 000,000,000 | ---D | C](C:\WINDOWS\?ymbols) -- C:\WINDOWS\ѕymbols
[2007/01/02 18:08:18 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2007/01/02 18:08:18 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/12/27 10:59:12 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\?racle) -- C:\Documents and Settings\HP_Administrator\Application Data\Οracle
[2006/11/13 18:45:33 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
[2006/11/13 18:45:33 | 000,000,000 | ---D | M](C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft
[2006/09/05 10:55:26 | 000,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
[2006/09/05 10:55:26 | 000,000,000 | ---D | M](C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
[2006/08/26 04:18:25 | 000,000,000 | ---D | M](C:\Documents and Settings\HP_Administrator\Application Data\??stem) -- C:\Documents and Settings\HP_Administrator\Application Data\ѕуstem
[2006/08/24 04:39:24 | 000,000,000 | ---D | M](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
[2006/08/24 04:39:24 | 000,000,000 | ---D | C](C:\WINDOWS\??mbols) -- C:\WINDOWS\ѕуmbols
[2006/08/23 04:11:55 | 000,000,000 | ---D | M](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
[2006/08/23 04:11:55 | 000,000,000 | ---D | C](C:\WINDOWS\??crosoft) -- C:\WINDOWS\Μіcrosoft
[2006/08/21 03:34:00 | 000,000,000 | ---D | M](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/08/21 03:34:00 | 000,000,000 | ---D | C](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/08/20 02:57:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Μicrosoft
[2006/08/20 02:57:53 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Μicrosoft
[2006/08/10 21:20:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
[2006/08/10 21:20:57 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
(C:\Program Files\s?stem) -- C:\Program Files\sуstem
(C:\Program Files\s?mbols) -- C:\Program Files\sуmbols
(C:\Program Files\S?mantec) -- C:\Program Files\Sуmantec
(C:\Program Files\F?nts) -- C:\Program Files\Fоnts
(C:\Program Files\Common Files\s?stem32) -- C:\Program Files\Common Files\sуstem32
(C:\Program Files\Common Files\s?stem) -- C:\Program Files\Common Files\sуstem
(C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
(C:\Program Files\Common Files\A?pPatch) -- C:\Program Files\Common Files\AрpPatch
(C:\Program Files\Common Files\?ystem32) -- C:\Program Files\Common Files\ѕystem32
(C:\Program Files\Common Files\?ystem) -- C:\Program Files\Common Files\ѕystem
(C:\Program Files\Common Files\?ymantec) -- C:\Program Files\Common Files\Ѕymantec
(C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
(C:\Program Files\Common Files\?ppPatch) -- C:\Program Files\Common Files\АppPatch
(C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Мicrosoft.NET
(C:\Program Files\Common Files\?icrosoft.NET) -- C:\Program Files\Common Files\Μicrosoft.NET
(C:\Program Files\Common Files\?icrosoft) -- C:\Program Files\Common Files\Μicrosoft
(C:\Program Files\Common Files\?ecurity) -- C:\Program Files\Common Files\ѕecurity
(C:\Program Files\Common Files\?asks) -- C:\Program Files\Common Files\Тasks
(C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
(C:\Program Files\Common Files\??pPatch) -- C:\Program Files\Common Files\АрpPatch
(C:\Program Files\Common Files\??mantec) -- C:\Program Files\Common Files\Ѕуmantec
(C:\Program Files\Common Files\??crosoft.NET) -- C:\Program Files\Common Files\Μіcrosoft.NET
(C:\Program Files\Common Files\??crosoft) -- C:\Program Files\Common Files\Μіcrosoft
(C:\Program Files\a?sembly) -- C:\Program Files\aѕsembly
(C:\Program Files\?ystem32) -- C:\Program Files\ѕystem32
(C:\Program Files\?ystem) -- C:\Program Files\ѕystem
(C:\Program Files\?ymbols) -- C:\Program Files\ѕymbols
(C:\Program Files\?racle) -- C:\Program Files\Оracle
(C:\Program Files\?icrosoft.NET) -- C:\Program Files\Μicrosoft.NET
(C:\Program Files\?icrosoft) -- C:\Program Files\Мicrosoft
(C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
(C:\Program Files\?dobe) -- C:\Program Files\Αdobe
(C:\Program Files\?asks) -- C:\Program Files\Τasks
(C:\Program Files\??stem) -- C:\Program Files\ѕуstem
(C:\Program Files\??pPatch) -- C:\Program Files\ΑрpPatch
(C:\Program Files\??mbols) -- C:\Program Files\ѕуmbols
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
(C:\Program Files\??crosoft) -- C:\Program Files\Μіcrosoft

========== Alternate Data Streams ==========

@Alternate Data Stream - 490 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

< End of report >



Extras:
OTL Extras logfile created on: 1/9/2011 10:37:06 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.52 Gb Total Space | 159.90 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive D: | 8.55 Gb Total Space | 0.42 Gb Free Space | 4.92% Space Free | Partition Type: FAT32

Computer Name: YOUR-4DACD0EA75 | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3233919454-1843399440-878560322-1008\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\World of Warcraft\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.3.5.12340-x86-Win-enUS-BKGND-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{27E395E5-EB04-4BFD-96C3-C9A102E97E1B}" = Intel® Viiv™ Software
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"HaaliMkx" = Haali Media Splitter
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"ie8" = Windows Internet Explorer 8
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"LimeWire" = LimeWire 5.5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"TDC0703_2009_0605_1029_is1" = Uninstall Dual Mode Camera (TDC0703)
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 9:48:19 AM | Computer

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:10:46 PM

Posted 09 January 2011 - 11:22 AM

Can you please also post me the rootkit unhooker log?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#7 Idiot Operator

Idiot Operator
  • Topic Starter

  • Members
  • 18 posts
  • Local time:02:46 PM

Posted 09 January 2011 - 12:01 PM

Ooh ok sorry I thought I did, here it is:



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB168E000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4259840 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3919872 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 82.65 )
0xB8580000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3584000 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.65 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB839A000 C:\WINDOWS\system32\DRIVERS\HSX_DP.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xA6913000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 786432 bytes
0xB9E63000 iaStor.sys 786432 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB82E4000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D1A000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x9FDEE000 C:\WINDOWS\system32\DRIVERS\wn5301.sys 471040 bytes (Liteon Technology Inc., Driver for Liteon Wireless Network Adapter)
0xA7B69000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA7A43000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB81F4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA7C96000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA4D92000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB8491000 C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys 282624 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB9E08000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xA4E9A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8252000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9CED000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x9FD9B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7BD9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8544000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA7C6E000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB84F9000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 159744 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB82BE000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xA7C48000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA69D3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB166A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8520000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB84D6000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA7C26000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA7C04000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DD0000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CD3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E4B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9DF0000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DA7000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8293000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA4E12000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB82AA000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB856C000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA7CEF000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DBE000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8282000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA3FB7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA871F000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB3A26000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB00B1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB0559000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA208000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA8E78000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA2F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB9704000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA118000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA8E98000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB9714000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA8E88000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90665000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA8E68000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA478000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA927C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA9838000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA8466000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA488000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xA9274000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA928C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA9284000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA480000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA7D02000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA4E2B000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA5A4000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAAD19000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4BC000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA773D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA9321000 C:\WINDOWS\System32\DRIVERS\ELhid.sys 12288 bytes (Intel Corporation, -)
0xA9325000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8B25D000 C:\WINDOWS\system32\KDCOM.DLL 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xA918F000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA9319000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA634000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA608000 C:\WINDOWS\system32\DRIVERS\ELacpi.sys 8192 bytes (Intel Corporation, -)
0xBA60A000 C:\WINDOWS\System32\DRIVERS\ELkbd.sys 8192 bytes (Intel Corporation, -)
0xBA640000 C:\WINDOWS\System32\DRIVERS\ELmon.sys 8192 bytes (Intel Corporation, -)
0xBA63C000 C:\WINDOWS\System32\DRIVERS\ELmou.sys 8192 bytes (Intel Corporation, -)
0xBA632000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA636000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA612000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xBA638000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA60C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5DA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA5A8000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA79E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA733F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA8D43000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x8A925292 ?_empty_? 3438 bytes
==============================================
>Stealth
==============================================
0xB9E63000 WARNING: suspicious driver modification [iaStor.sys::0x8A925292]

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 09 January 2011 - 12:14 PM

Hello again, unfortunately you have a nasty rootkit on board.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
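As an added example (not code from this thread, from RkUnhooker's authors or from the helpers here), the following Python parser reads the driver listing and the ">Stealth" section of an RkU log in the format posted above, flags the hidden driver and the patched driver, and checks whether the patch target is the hidden driver's address. The sample log is constructed from a few entries in this thread; the regexes assume the line layout shown there.

```python
import re
from dataclasses import dataclass, field

# One line of the RkU "Drivers" listing:
#   <load address> <image path or name> <size> bytes [(vendor, description)]
DRIVER_RE = re.compile(
    r"^(?P<addr>0x[0-9A-Fa-f]+)\s+(?P<image>\S+)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?$")
# A driver RkU found only by scanning memory is prefixed with "!!!Hidden driver:"
HIDDEN_RE = re.compile(
    r"^!+Hidden driver:\s+(?P<addr>0x[0-9A-Fa-f]+)\s+(?P<image>\S+)\s+(?P<size>\d+) bytes")
# ">Stealth" section: a loaded driver whose code was patched to jump elsewhere
STEALTH_RE = re.compile(
    r"^(?P<addr>0x[0-9A-Fa-f]+)\s+WARNING: suspicious driver modification "
    r"\[(?P<image>[^\]:]+)::(?P<target>0x[0-9A-Fa-f]+)\]$")

def norm(addr):
    return "0x" + addr[2:].upper()   # canonical form so addresses compare equal

@dataclass
class Finding:
    kind: str      # "hidden_driver" or "modified_driver"
    image: str
    detail: str

@dataclass
class RkuReport:
    drivers: dict = field(default_factory=dict)  # file name -> (addr, size, info)
    hidden: dict = field(default_factory=dict)   # addr -> (image, size)
    patched: list = field(default_factory=list)  # (addr, image, target)

def parse_rku_log(text):
    """Parse the driver listing and the stealth section of an RkU report."""
    rep = RkuReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := HIDDEN_RE.match(line):
            rep.hidden[norm(m["addr"])] = (m["image"], int(m["size"]))
        elif m := STEALTH_RE.match(line):
            rep.patched.append((norm(m["addr"]), m["image"], norm(m["target"])))
        elif m := DRIVER_RE.match(line):
            # keep only the file name: C:\WINDOWS\...\iaStor.sys -> iaStor.sys
            name = m["image"].rsplit("\\", 1)[-1]
            rep.drivers[name] = (norm(m["addr"]), int(m["size"]), m["info"])
    return rep

def triage(rep):
    """Turn the parsed report into findings, correlating the two sections."""
    findings = []
    for addr, (image, size) in rep.hidden.items():
        findings.append(Finding("hidden_driver", image,
                                f"{size} bytes at {addr}, absent from the loaded driver list"))
    for addr, image, target in rep.patched:
        detail = f"patched code at {addr} transfers control to {target}"
        loaded = rep.drivers.get(image)
        if loaded and loaded[0] == addr:
            detail += f"; {image} is the driver loaded at that address"
        if target in rep.hidden:
            detail += "; the target is the hidden driver above"
        findings.append(Finding("modified_driver", image, detail))
    return findings

# Constructed sample in the format of the RkU log posted earlier in this thread.
SAMPLE_LOG = r"""
0xB9E63000 iaStor.sys 786432 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xA6913000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 786432 bytes
0xB166A000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
!!!!!!!!!!!Hidden driver: 0x8A925292 ?_empty_? 3438 bytes
0xB9E63000 WARNING: suspicious driver modification [iaStor.sys::0x8A925292]
"""
```

Running `triage(parse_rku_log(SAMPLE_LOG))` yields two findings: the hidden 3438-byte driver and the patched iaStor.sys whose modification points at that hidden driver, which is the pairing the helper above read as a rootkit.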


#9 Idiot Operator

Idiot Operator
  • Topic Starter

  • Members
  • 18 posts


Posted 09 January 2011 - 02:55 PM

Damn, I didn't think it was that bad, FML. I'm proceeding with the cleansing instead of reformatting for now... But something happened.

When I ran the TDSSKiller, it did everything it was supposed to do, and found some rootkit infection. After I clicked Reboot, my computer was stalling to reboot and froze at the 'Turning off computer' screen and no log or anything was saved. Would it be safe to run the TDSS again or..?

Thank you for taking the time to deal with me -__-, I appreciate it.

#10 Elise


Posted 09 January 2011 - 03:08 PM

Yes, you can rerun it. If everything went okay, it ought to find nothing now.

regards, Elise




#11 Idiot Operator


Posted 09 January 2011 - 03:25 PM

Alright, I did it, and nothing was found; no logs or anything =D

#12 Elise


Posted 09 January 2011 - 03:54 PM

That's good! Let's do some more scanning for other malware.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise




#13 Idiot Operator


Posted 11 January 2011 - 12:24 AM

Sorry for the delay >_>

I tried running combofix and it says I have AVG installed but I don't, I used to a while ago though. So I re-downloaded it, is there a way to get rid of it so I can run combofix?

#14 Elise


Posted 11 January 2011 - 08:24 AM

Run AVG remover and then try again.

regards, Elise




#15 Elise


Posted 21 January 2011 - 06:25 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

regards, Elise






