
Google Redirect/Antivirus-Antispyware 2011/Periodic slow internet


  • This topic is locked
20 replies to this topic

#1 rct11

rct11

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:57 AM

Posted 04 May 2011 - 07:34 PM

Hello, I am trying to clean up my sister's computer for her. Running Windows XP (Media Center Edition, 2002, Service Pack 2). Before I started, you could not open any programs, there were pop-ups, random spyware, etc. I have run Malwarebytes, Super Anti Spyware, Spybot S&D, and Avast! anti-virus. All four of these found many things wrong and I followed the instructions and remedied the found problems. However, even after doing this stuff, I still have the following problems:

-the Internet will periodically slow to a near stop even though the connection is fine. I can't load pages. Then it'll work for a while, then it'll slow down again.
-Now, *after* performing the above mentioned steps, I am getting redirected on Google searches
-Now, *after* performing the above mentioned steps, Antivirus Antispyware 2011 has been popping up randomly
-Any external devices, such as my hard drive, will get a single file put on it (once it was myporno.avi, once it was shortcut to Google Chrome)
-Occasionally, when restarting, the computer will fail to start. I can't start in anything but Safe Mode (and sometimes that won't even work)
-Also, and these might not be actual issues, but I cannot open Google Chrome or Photoshop at all (photoshop stops on the "initializing tools" part). Also, I seem to always have 13-15 svchost.exe running, and this seems a bit high to me.

EDIT: I guess I should mention that twice now, I've gotten the "No Audio Device" thing in "Sounds and Device Properties". I went to the motherboard manufacturer's website and downloaded new drivers yesterday and it worked, but it just did it again today.

Any help would be greatly appreciated. If any of the logs of the programs mentioned above are needed, let me know.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Administrator at 19:42:46.75 on Wed 05/04/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
.
============== Running Processes ===============
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mStart Page = hxxp://www.startsearcher.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uWinlogon: Shell="c:\documents and settings\all users\application data\antivirus antispyware 2011\AS2011.exe" /hide
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.0.41\IPSBHO.DLL
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [updatesst] "c:\documents and settings\all users\application data\antivirus antispyware 2011\AS2011.exe"
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [XpDis0Conf] c:\progra~1\belkin\belkin~1\tool\WinXPDisableZeroConfigation.exe 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84 /d
mRun: [XpOpenAuto] "c:\program files\belkin\belkin 54mbps wireless utility\tool\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9e.exe
IE: &Search
IE: &Winamp Toolbar Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: trymedia.com
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\0fmrgyu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: FaceTheme - Change your Facebook layout!: {EB132DB0-A4CA-11DF-9732-0E29E0D72085} - c:\program files\object\facetheme
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: FaceTheme - Change your Facebook layout!: {EB132DB0-A4CA-11DF-9732-0E29E0D72085} - c:\program files\object\facetheme
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R? BW2NDIS5;BW2NDIS5
R? DNINDIS5;DNINDIS5 NDIS Protocol Driver
R? e43d3b368fd0db9619c4565b4394249f;e43d3b368fd0db9619c4565b4394249f
R? EverestDriver;Lavalys EVEREST Kernel Driver
R? itlperf;Intel CPU Perfermons
R? lgatbus;LG USB Composite Device driver (WDM)
R? lgatmdm;LG CDMA USB Modem Drivers
R? lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)
R? LMIGuardianSvc;LMIGuardianSvc
R? LMIInfo;LogMeIn Kernel Information Provider
R? LMIRfsClientNP;LMIRfsClientNP
R? McrdSvc;Media Center Extender Service
R? NAVENG;NAVENG
R? NAVEX15;NAVEX15
R? srv447C;srv447C
S? aswFsBlk;aswFsBlk
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? BHDrvx86;Symantec Heuristics Driver
S? ccHP;Symantec Hash Provider
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSxpx86;IDSxpx86
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? Norton AntiVirus;Norton AntiVirus
S? PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Symantec Core LC;Symantec Core LC
S? SymEFA;Symantec Extended File Attributes
.
=============== Created Last 30 ================
.
2011-05-04 22:34:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\PassMark
2011-05-04 22:34:17 -------- d-----w- c:\program files\SoundCheck
2011-05-04 22:08:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Antivirus AntiSpyware 2011
2011-05-04 20:37:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-04 20:37:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-05-04 20:11:37 -------- d-----w- c:\program files\common files\Adobe Systems Shared
2011-05-04 20:06:01 -------- d-----w- c:\program files\MagicISO
2011-05-04 20:01:01 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-05-04 20:01:01 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-05-04 20:00:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-04 19:58:54 -------- d-----w- c:\windows\SHELLNEW
2011-05-04 15:47:48 -------- d-----w- c:\program files\DVD Shrink
2011-05-03 19:04:29 92672 ----a-w- c:\windows\system32\drmstor.dll
2011-05-03 19:04:29 343040 ----a-w- c:\windows\system32\msvcrt.dll
2011-05-03 19:04:29 247326 ----a-w- c:\windows\system32\strmdll.dll
2011-05-03 19:04:28 282654 ----a-w- c:\windows\system32\msaud32.acm
2011-05-03 19:04:28 246272 ----a-w- c:\windows\system32\drmclien.dll
2011-05-03 03:50:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-05-03 03:49:12 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-05-03 03:49:12 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-05-03 03:49:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-05-03 03:48:56 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-03 03:48:56 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-03 03:48:55 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-03 03:48:55 5210112 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-03 03:48:55 2770536 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-03 03:48:55 2116894 ----a-w- c:\windows\system32\nvdata.bin
2011-05-03 03:48:55 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-03 03:48:54 13000704 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-03 03:48:24 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-03 03:48:08 -------- d-----w- C:\NVIDIA
2011-05-02 23:16:34 -------- d-----w- c:\program files\CCleaner
2011-05-02 23:08:19 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-02 23:08:05 40112 ----a-w- c:\windows\avastSS.scr
2011-05-02 23:07:56 -------- d-----w- c:\program files\AVAST Software
2011-05-02 23:07:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-05-02 22:38:52 -------- d-----w- c:\program files\Lavalys
2011-05-02 22:03:16 1409 ----a-w- c:\windows\QTFont.for
2011-05-01 22:38:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-05-01 22:38:33 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\SUPERAntiSpyware.com
2011-05-01 22:38:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-01 22:32:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 19:50:15 -------- d-----w- C:\Windows Recovery
2011-04-30 03:20:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\bL28611NkCeF28611
2011-04-29 03:51:10 65024 ----a-w- c:\windows\system32\nlsfya64.dll
2011-04-27 15:40:27 59904 ----a-w- c:\windows\system32\nlsfycfg.dll
2011-04-27 14:15:36 122880 --sha-r- c:\windows\system32\pxhpinsts.dll
2011-04-27 14:15:36 122880 --sha-r- c:\program files\common files\pxhpinsts.dll
2011-04-18 18:46:15 -------- d-----w- C:\spoolerlogs
2011-04-18 18:16:38 60424 ----a-w- c:\program files\mozilla firefox\null0.5114665870461288.exe
2011-04-18 18:16:08 60424 ----a-w- c:\program files\mozilla firefox\null0.422185024429821.exe
2011-04-08 02:15:38 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 02:15:38 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:15:34 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 02:15:34 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 02:15:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 02:15:32 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 02:15:32 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
==================== Find3M ====================
.
2011-04-08 05:14:00 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14:00 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14:00 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3320833AS rev.3.AHH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x881F16F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x881f7a10]; MOV EAX, [0x881f7a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A687AB8]
3 CLASSPNP[0xB810905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\00000090[0x8A7019E8]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A689940]
\Driver\atapi[0x8A191D58] -> IRP_MJ_CREATE -> 0x881F16F0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x881F153B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:56:20.62 ===============

Edited by rct11, 04 May 2011 - 07:43 PM.
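The DDS log above carries the indicators a helper looks for first: a Winlogon `Shell` value pointing at `AS2011.exe` instead of explorer.exe, a Run entry launching the same file from a user-writable "Application Data" folder, a driver whose name is a bare 32-hex-character string, and a `DriverStartIo` hook on `\Driver\atapi` in the GMER section. As an added example (my own code, not part of the thread and not a DDS or GMER feature), the Python script below runs those four checks over lines copied from the log. The heuristics, the category names and the `SUSPECT_DIRS` list are assumptions made for this example, not rules from either tool.

```python
import re

# Constructed sample: entries copied from the DDS/GMER output posted in the thread.
SAMPLE_LOG = r"""
uWinlogon: Shell="c:\documents and settings\all users\application data\antivirus antispyware 2011\AS2011.exe" /hide
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [updatesst] "c:\documents and settings\all users\application data\antivirus antispyware 2011\AS2011.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
R? e43d3b368fd0db9619c4565b4394249f;e43d3b368fd0db9619c4565b4394249f
R? LMIInfo;LogMeIn Kernel Information Provider
S? aswSP;aswSP
\Driver\atapi DriverStartIo -> 0x881F153B
"""

# Line shapes from the DDS "Pseudo HJT Report" and GMER "detected hooks" sections.
WINLOGON_RE = re.compile(r'^[um]Winlogon: Shell=(.+)$')
RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[(.*?)\]\s*(.*)$')
SERVICE_RE = re.compile(r'^[RS]\? ([^;]+);(.*)$')
HOOK_RE = re.compile(r'^\\Driver\\(\w+) DriverStartIo -> (0x[0-9A-Fa-f]+)$')
HEX32_RE = re.compile(r'^[0-9a-f]{32}$')

# Assumption for this example: user-writable folders on XP where a legitimate
# autostart entry rarely lives (Program Files and %SystemRoot% are the norm).
SUSPECT_DIRS = ('\\application data\\', '\\local settings\\', '\\temp\\')


def triage(text):
    """Return (category, line) pairs for every log line that trips a check."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # 1. Winlogon Shell should be explorer.exe; anything else runs instead of the desktop.
        m = WINLOGON_RE.match(line)
        if m and 'explorer.exe' not in m.group(1).lower():
            findings.append(('winlogon-shell-replaced', line))
            continue

        # 2. Run/RunOnce entries whose command lives in a user-writable folder.
        m = RUN_RE.match(line)
        if m and any(d in m.group(2).lower() for d in SUSPECT_DIRS):
            findings.append(('autostart-in-user-writable-dir', line))
            continue

        # 3. Drivers/services whose name is a bare 32-character hex string.
        m = SERVICE_RE.match(line)
        if m and HEX32_RE.match(m.group(1).lower()):
            findings.append(('randomly-named-driver', line))
            continue

        # 4. GMER reported a DriverStartIo hook on a disk-stack driver.
        m = HOOK_RE.match(line)
        if m:
            findings.append(('disk-driver-startio-hook', line))
    return findings


def main():
    for category, line in triage(SAMPLE_LOG):
        print(f'[{category}] {line}')


if __name__ == '__main__':
    main()
```

Run as-is it reports four lines: the Shell value, the `updatesst` Run entry, the hex-named `R?` driver and the atapi hook; the TeaTimer, avast and dumprep entries and the normally named drivers pass. The checks are deliberately narrow so that the output is a short list for a human to verify, not a verdict.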



#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:57 AM

Posted 10 May 2011 - 06:05 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in a delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 rct11

rct11
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:57 AM

Posted 10 May 2011 - 07:09 PM

Hello ST,

In the interim between posting this and your reply, I re-ran the four aforementioned scans. In addition, I then ran combofix using the guidelines provided on this site's instructions. This seemed to fix the major problems until a day later, when again the sound disappeared and it said that I had No Audio Device. I re-ran combofix, and everything has been working since then.

I just now ran TDSS (nothing was found), then OTL as instructed. The three logs you requested are below. Thank you for your help.

TDSS log:
2011/05/10 19:59:50.0398 3232 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 19:59:50.0868 3232 ================================================================================
2011/05/10 19:59:50.0868 3232 SystemInfo:
2011/05/10 19:59:50.0868 3232
2011/05/10 19:59:50.0868 3232 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/10 19:59:50.0868 3232 Product type: Workstation
2011/05/10 19:59:50.0868 3232 ComputerName: LORIEN
2011/05/10 19:59:50.0868 3232 UserName: HP_Administrator
2011/05/10 19:59:50.0868 3232 Windows directory: C:\WINDOWS
2011/05/10 19:59:50.0868 3232 System windows directory: C:\WINDOWS
2011/05/10 19:59:50.0868 3232 Processor architecture: Intel x86
2011/05/10 19:59:50.0868 3232 Number of processors: 2
2011/05/10 19:59:50.0868 3232 Page size: 0x1000
2011/05/10 19:59:50.0868 3232 Boot type: Normal boot
2011/05/10 19:59:50.0868 3232 ================================================================================
2011/05/10 19:59:51.0181 3232 Initialize success
2011/05/10 20:00:14.0616 3440 ================================================================================
2011/05/10 20:00:14.0616 3440 Scan started
2011/05/10 20:00:14.0616 3440 Mode: Manual;
2011/05/10 20:00:14.0616 3440 ================================================================================
2011/05/10 20:00:15.0039 3440 Aavmker4 (78a4db23bb4e8d4349e164d1d90af73f) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/10 20:00:15.0164 3440 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/10 20:00:15.0226 3440 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/10 20:00:15.0352 3440 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/10 20:00:15.0430 3440 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/10 20:00:15.0649 3440 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/05/10 20:00:15.0743 3440 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
2011/05/10 20:00:15.0758 3440 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
2011/05/10 20:00:15.0805 3440 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
2011/05/10 20:00:15.0837 3440 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
2011/05/10 20:00:15.0868 3440 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/10 20:00:15.0883 3440 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
2011/05/10 20:00:16.0071 3440 aswFsBlk (9bdb29e81abceb883556df44649696c4) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/10 20:00:16.0165 3440 aswMon2 (2ce6da466687cbb3b97e59f8831a27cb) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/10 20:00:16.0228 3440 aswRdr (a90cf680ca7a323913ca3a0810c8e02d) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/10 20:00:16.0353 3440 aswSnx (f7969934cca2e566e95df17380a3cb11) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/10 20:00:16.0478 3440 aswSP (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/10 20:00:16.0556 3440 aswTdi (e52e45743e27fd6184c55618a10b81ab) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/10 20:00:16.0587 3440 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/10 20:00:16.0666 3440 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/10 20:00:16.0728 3440 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/10 20:00:16.0760 3440 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/10 20:00:16.0807 3440 bb-run (7270d070173b20ac9487ea16bb08b45f) C:\WINDOWS\system32\DRIVERS\bb-run.sys
2011/05/10 20:00:16.0885 3440 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/10 20:00:16.0979 3440 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys
2011/05/10 20:00:17.0041 3440 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/05/10 20:00:17.0057 3440 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/05/10 20:00:17.0276 3440 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/10 20:00:17.0323 3440 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/10 20:00:17.0401 3440 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys
2011/05/10 20:00:17.0479 3440 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/10 20:00:17.0511 3440 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/10 20:00:17.0557 3440 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/10 20:00:17.0620 3440 CDRPDACC (f4dd5641576334e4eeabfe50b065e572) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
2011/05/10 20:00:17.0949 3440 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/10 20:00:18.0027 3440 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/10 20:00:18.0136 3440 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/10 20:00:18.0199 3440 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/10 20:00:18.0277 3440 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/10 20:00:18.0418 3440 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/10 20:00:18.0559 3440 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/10 20:00:18.0606 3440 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/10 20:00:18.0700 3440 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
2011/05/10 20:00:18.0840 3440 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/10 20:00:18.0919 3440 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/10 20:00:18.0981 3440 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/10 20:00:19.0044 3440 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/10 20:00:19.0138 3440 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/10 20:00:19.0216 3440 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/10 20:00:19.0294 3440 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/10 20:00:19.0372 3440 ftsata2 (22399d3ce5840c6082844679cca5d2fc) C:\WINDOWS\system32\DRIVERS\ftsata2.sys
2011/05/10 20:00:19.0450 3440 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/10 20:00:19.0482 3440 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/10 20:00:19.0560 3440 hcwPP2 (55e4da7c8cbba1f2d71720fca7a5c086) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
2011/05/10 20:00:19.0623 3440 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/10 20:00:19.0685 3440 HidIr (07577916997e89563ed508c2ab6ff415) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/05/10 20:00:19.0779 3440 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/10 20:00:19.0810 3440 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/10 20:00:19.0842 3440 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/10 20:00:19.0904 3440 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
2011/05/10 20:00:19.0967 3440 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
2011/05/10 20:00:20.0029 3440 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/10 20:00:20.0170 3440 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/10 20:00:20.0342 3440 IDSxpx86 (6e42876010256ee5119baf0838574e0c) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100409.001\IDSxpx86.sys
2011/05/10 20:00:20.0499 3440 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/10 20:00:20.0702 3440 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/05/10 20:00:20.0858 3440 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/10 20:00:20.0937 3440 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/10 20:00:20.0952 3440 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/10 20:00:20.0999 3440 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/10 20:00:21.0046 3440 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/10 20:00:21.0093 3440 IrBus (0461e205fa8870f9020ffe7c64721e75) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/05/10 20:00:21.0109 3440 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/10 20:00:21.0171 3440 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/10 20:00:21.0203 3440 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/10 20:00:21.0265 3440 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/10 20:00:21.0328 3440 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/10 20:00:21.0406 3440 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/10 20:00:21.0500 3440 lgatbus (ed8854a04430f17a4a237d14ca707cc0) C:\WINDOWS\system32\DRIVERS\lgatbus.sys
2011/05/10 20:00:21.0547 3440 lgatmdm (0e869725086064ff6695a9cb71f27869) C:\WINDOWS\system32\DRIVERS\lgatmdm.sys
2011/05/10 20:00:21.0578 3440 lgatserd (ddfa2e84af1a804aaa24d3d5b6291778) C:\WINDOWS\system32\DRIVERS\lgatserd.sys
2011/05/10 20:00:21.0703 3440 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/05/10 20:00:21.0766 3440 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/05/10 20:00:21.0891 3440 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/10 20:00:21.0969 3440 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/10 20:00:22.0032 3440 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/10 20:00:22.0079 3440 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/10 20:00:22.0141 3440 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/10 20:00:22.0220 3440 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/10 20:00:22.0266 3440 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/10 20:00:22.0360 3440 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/10 20:00:22.0392 3440 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/10 20:00:22.0439 3440 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/10 20:00:22.0454 3440 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/10 20:00:22.0486 3440 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/10 20:00:22.0548 3440 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/10 20:00:22.0595 3440 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/10 20:00:22.0673 3440 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/10 20:00:22.0736 3440 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/10 20:00:22.0955 3440 NAVENG (7eea0e2634fde3c645c9a6d424825261) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100412.003\NAVENG.SYS
2011/05/10 20:00:23.0033 3440 NAVEX15 (83c4db2927a4e871cbf2078b6eed1beb) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100412.003\NAVEX15.SYS
2011/05/10 20:00:23.0221 3440 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/10 20:00:23.0268 3440 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/10 20:00:23.0315 3440 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/10 20:00:23.0377 3440 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/10 20:00:23.0424 3440 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/10 20:00:23.0471 3440 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/10 20:00:23.0549 3440 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/10 20:00:23.0596 3440 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/10 20:00:23.0659 3440 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/10 20:00:23.0721 3440 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/10 20:00:23.0768 3440 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/10 20:00:24.0394 3440 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/10 20:00:25.0145 3440 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/10 20:00:25.0286 3440 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/10 20:00:25.0348 3440 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/10 20:00:25.0380 3440 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/10 20:00:25.0474 3440 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/10 20:00:25.0521 3440 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/10 20:00:25.0552 3440 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/10 20:00:25.0583 3440 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/10 20:00:25.0661 3440 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/10 20:00:25.0740 3440 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/10 20:00:25.0818 3440 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/10 20:00:25.0880 3440 Pcouffin (62c72e912a04aa927d9eaf9a0b157aaf) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2011/05/10 20:00:26.0115 3440 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/10 20:00:26.0193 3440 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/10 20:00:26.0256 3440 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/05/10 20:00:26.0318 3440 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/10 20:00:26.0365 3440 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/10 20:00:26.0444 3440 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/10 20:00:26.0600 3440 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
2011/05/10 20:00:26.0631 3440 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/10 20:00:26.0678 3440 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/10 20:00:26.0710 3440 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/10 20:00:26.0741 3440 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/10 20:00:26.0772 3440 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/10 20:00:26.0788 3440 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/10 20:00:26.0835 3440 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/10 20:00:26.0960 3440 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/10 20:00:27.0054 3440 RT2500 (16f6f00e7a89224eb3c5b354be8eccee) C:\WINDOWS\system32\DRIVERS\RT2500.sys
2011/05/10 20:00:27.0085 3440 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/05/10 20:00:27.0195 3440 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/10 20:00:27.0226 3440 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/10 20:00:27.0382 3440 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/10 20:00:27.0445 3440 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/10 20:00:27.0492 3440 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/10 20:00:27.0617 3440 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/10 20:00:27.0664 3440 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/10 20:00:27.0742 3440 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/10 20:00:27.0836 3440 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS
2011/05/10 20:00:27.0883 3440 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS
2011/05/10 20:00:27.0945 3440 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/10 20:00:27.0992 3440 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/10 20:00:28.0055 3440 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/10 20:00:28.0290 3440 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS
2011/05/10 20:00:28.0368 3440 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/10 20:00:28.0399 3440 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS
2011/05/10 20:00:28.0509 3440 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS
2011/05/10 20:00:28.0571 3440 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/05/10 20:00:28.0587 3440 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/05/10 20:00:28.0634 3440 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2011/05/10 20:00:28.0728 3440 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS
2011/05/10 20:00:28.0806 3440 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS
2011/05/10 20:00:28.0931 3440 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/10 20:00:29.0072 3440 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/10 20:00:29.0166 3440 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/10 20:00:29.0213 3440 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/10 20:00:29.0260 3440 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/10 20:00:29.0338 3440 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/10 20:00:29.0416 3440 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/10 20:00:29.0494 3440 usbbus (5aadc9297c39aa249cd994acdba19034) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/05/10 20:00:29.0541 3440 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/10 20:00:29.0588 3440 UsbDiag (4650ffe04e5922399b0e932319e6b215) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/05/10 20:00:29.0651 3440 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/10 20:00:29.0682 3440 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/10 20:00:29.0760 3440 USBModem (2666fe171e0c2e7085ccd5fe0bac09e3) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/05/10 20:00:29.0807 3440 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/10 20:00:29.0854 3440 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/10 20:00:29.0901 3440 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/10 20:00:29.0932 3440 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/10 20:00:29.0979 3440 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/10 20:00:30.0011 3440 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/10 20:00:30.0057 3440 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/10 20:00:30.0120 3440 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/10 20:00:30.0167 3440 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/10 20:00:30.0245 3440 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/10 20:00:30.0355 3440 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/05/10 20:00:30.0433 3440 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/10 20:00:30.0480 3440 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/10 20:00:30.0621 3440 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/10 20:00:30.0652 3440 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/10 20:00:30.0715 3440 ================================================================================
2011/05/10 20:00:30.0715 3440 Scan finished
2011/05/10 20:00:30.0715 3440 ================================================================================
2011/05/10 20:00:37.0066 3968 Deinitialize success

OTL Logs:
OTL.txt

OTL logfile created on: 5/10/2011 8:01:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 55.52 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.62 Gb Free Space | 6.97% Space Free | Partition Type: FAT32

Computer Name: LORIEN | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 20:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/22 02:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2007/09/19 20:03:07 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/08/09 17:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 20:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LMIGuardianSvc)
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2011/05/07 11:53:53 | 000,774,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\pdh32.exe -- (RSVP32)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/22 02:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2007/09/19 20:03:07 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/07/25 19:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 19:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/05 08:53:47 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/03 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100412.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100412.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/27 20:31:30 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/10/28 18:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/08/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 02:37:16 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 02:37:16 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 02:37:16 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 02:37:16 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 02:37:16 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 02:37:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 02:37:16 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 02:37:16 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/18 22:09:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 14:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/18 14:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/08/19 18:58:48 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/14 07:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/13 12:47:38 | 000,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/03/03 11:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 11:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/10 20:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 07:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 07:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/07 15:49:56 | 000,243,200 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/08/18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/06/29 13:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 10:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 03:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/10/16 03:07:00 | 000,060,816 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatserd.sys -- (lgatserd) LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)
DRV - [2002/10/16 03:05:00 | 000,077,104 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatmdm.sys -- (lgatmdm)
DRV - [2002/10/16 03:03:00 | 000,043,024 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatbus.sys -- (lgatbus) LG USB Composite Device driver (WDM)
DRV - [2002/07/25 12:33:58 | 000,004,633 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]

IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2010/12/12 13:38:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/05 20:50:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/05 20:48:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0 \Extensions\\Components: C:\PROGRA~1\NETSCAPE\NETSCA~1\Components
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0 \Extensions\\Plugins: C:\PROGRA~1\NETSCAPE\NETSCA~1\Plugins

[2009/11/24 12:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/05/07 11:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions
[2009/12/30 13:30:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/10 14:28:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}
[2009/08/02 11:48:47 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\searchplugins\mywebsearch.xml
[2011/05/06 13:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/06 13:44:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2009/12/30 12:17:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/12 13:38:10 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2009/11/24 12:27:00 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/11/24 12:27:00 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

Hosts file not found
O2 - BHO: (no name) - {01C5DDE3-3B32-4DAF-B31D-2AC927A88906} - C:\WINDOWS\system32\avicap3232.dll ()
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O2 - BHO: (56cd4f61) - {C9417B74-3F54-6C0C-A4E2-A460D5671452} - C:\WINDOWS\system32\mfc7132.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - File not found
O3 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 18:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 20:00:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/05/10 19:59:33 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/09 00:25:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/07 17:56:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/05/06 22:54:52 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/06 22:19:38 | 001,395,536 | ---- | C] (Easeware ) -- C:\Documents and Settings\HP_Administrator\Desktop\DriverNavigator_Setup.exe
[2011/05/06 18:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\vlc
[2011/05/06 18:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/06 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/06 13:28:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/06 13:23:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/06 13:23:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/06 13:23:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/06 13:23:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/06 13:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/06 13:23:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 20:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/05 20:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/05 20:46:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/05/05 20:46:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/05/05 20:46:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/05/04 18:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lorien
[2011/05/04 18:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/05/04 18:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundCheck
[2011/05/04 18:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\SoundCheck
[2011/05/04 16:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/04 16:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/04 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/04 16:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2011/05/04 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/05/04 16:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2011/05/04 16:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/05/04 16:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\MagicISO
[2011/05/04 16:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
[2011/05/04 16:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/04 16:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/04 16:01:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2011/05/04 16:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/05/04 16:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/05/04 15:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/04 15:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/05/04 15:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/04 15:57:22 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/05/04 15:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\stephen resume
[2011/05/04 11:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2011/05/04 11:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/05/04 11:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/03 21:01:23 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\My Documents\procexp.exe
[2011/05/03 15:04:29 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmdll.dll
[2011/05/03 15:04:29 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drmstor.dll
[2011/05/03 15:04:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drmclien.dll
[2011/05/03 15:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/02 23:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/05/02 23:48:56 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/05/02 23:48:56 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/02 23:48:55 | 005,210,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/05/02 23:48:55 | 002,770,536 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/05/02 23:48:55 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/05/02 23:48:55 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/05/02 23:48:54 | 013,000,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/05/02 23:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/02 23:48:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/05/02 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/02 19:08:22 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/02 19:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/02 19:08:21 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/02 19:08:20 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/02 19:08:19 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/02 19:08:19 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/02 19:08:18 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/02 19:08:18 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/02 19:08:18 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/02 19:08:05 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/02 19:08:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/02 19:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/02 19:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/02 18:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SystemRequirementsLab
[2011/05/02 18:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavalys
[2011/05/02 18:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011/05/02 17:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Received Files
[2011/05/01 18:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/01 18:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2011/05/01 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/01 18:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/01 18:32:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/01 18:29:38 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/01 15:50:15 | 000,000,000 | ---D | C] -- C:\Windows Recovery
[2011/05/01 08:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/29 23:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bL28611NkCeF28611
[2011/04/18 14:46:15 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/10 20:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/05/10 19:58:14 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2011/05/09 18:57:08 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/05/09 16:45:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/07 11:53:57 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\1544554563
[2011/05/07 11:53:56 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\mfc7132.dll
[2011/05/07 11:53:54 | 000,347,648 | ---- | M] () -- C:\WINDOWS\System32\avicap3232.dll
[2011/05/07 11:53:53 | 000,774,656 | ---- | M] () -- C:\WINDOWS\System32\pdh32.exe
[2011/05/07 11:53:53 | 000,774,656 | ---- | M] () -- C:\WINDOWS\System32\kdcom32.exe
[2011/05/07 11:30:31 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/07 11:28:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 11:28:00 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/07 00:44:01 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/06 22:27:48 | 022,320,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AD1986_32bit_V510014151.rar
[2011/05/06 22:21:05 | 001,395,536 | ---- | M] (Easeware ) -- C:\Documents and Settings\HP_Administrator\Desktop\DriverNavigator_Setup.exe
[2011/05/06 20:49:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/06 13:28:29 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/05/06 13:21:44 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\My Documents.lnk
[2011/05/06 10:52:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/05 20:51:17 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 20:46:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 20:46:45 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/04 19:41:24 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2011/05/04 19:40:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/05/04 18:54:19 | 000,636,620 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Uncle Kevin & Lilliah.jpg
[2011/05/04 17:05:55 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/04 16:12:13 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/05/04 16:01:12 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/04 12:03:00 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 15:04:45 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WINAMP.LNK
[2011/05/03 14:40:40 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/05/02 23:49:18 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/02 23:49:18 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/02 23:49:12 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/02 23:49:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/02 22:41:58 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/02 19:08:19 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/02 18:03:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/02 12:40:40 | 003,412,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\My Documents\procexp.exe
[2011/05/01 19:46:20 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\null0
[2011/05/01 18:29:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/01 15:50:17 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~13819700r
[2011/05/01 15:50:17 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~13819700
[2011/05/01 15:50:13 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\13819700
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/04/28 23:51:20 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\nlsfya64.dll
[2011/04/27 11:40:27 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\nlsfycfg.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\pxhpinsts.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | M] () -- C:\Program Files\Common Files\pxhpinsts.dll
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/04/13 22:56:19 | 000,013,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 19:58:12 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2011/05/07 11:53:57 | 000,774,656 | ---- | C] () -- C:\WINDOWS\System32\kdcom32.exe
[2011/05/07 11:53:56 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\mfc7132.dll
[2011/05/07 11:53:55 | 000,774,656 | ---- | C] () -- C:\WINDOWS\System32\pdh32.exe
[2011/05/07 11:53:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\1544554563
[2011/05/07 11:53:54 | 000,347,648 | ---- | C] () -- C:\WINDOWS\System32\avicap3232.dll
[2011/05/06 22:27:23 | 022,320,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AD1986_32bit_V510014151.rar
[2011/05/06 13:23:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/06 13:23:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/06 13:23:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/06 13:23:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/06 13:23:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/06 13:21:44 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\My Documents.lnk
[2011/05/06 12:59:47 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/06 10:52:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/05 20:51:16 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/05 20:48:23 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 19:41:24 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2011/05/04 19:40:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/05/04 18:54:19 | 000,636,620 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Uncle Kevin & Lilliah.jpg
[2011/05/04 16:14:35 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2011/05/04 16:12:13 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/05/04 16:11:35 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2011/05/04 16:11:01 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011/05/04 16:11:01 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011/05/04 15:42:03 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/05/03 21:01:23 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\procexp.chm
[2011/05/03 15:04:45 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WINAMP.LNK
[2011/05/03 15:04:36 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011/05/02 23:49:12 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/02 23:49:12 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/02 23:49:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/02 23:49:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/02 23:48:56 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/02 23:48:55 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/02 18:03:16 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/02 18:03:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/05/02 14:30:27 | 001,411,492 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\100_8245.JPG
[2011/05/02 00:29:49 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Mozilla Firefox.lnk
[2011/05/01 19:46:20 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\null0
[2011/05/01 15:50:17 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~13819700r
[2011/05/01 15:50:17 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~13819700
[2011/05/01 15:50:13 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\13819700
[2011/04/28 23:51:10 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\nlsfya64.dll
[2011/04/27 11:40:27 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\nlsfycfg.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\pxhpinsts.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | C] () -- C:\Program Files\Common Files\pxhpinsts.dll
[2011/04/08 08:41:28 | 000,013,678 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8b2703d6w31732awm2mipwed7
[2011/04/08 08:41:28 | 000,013,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
[2011/04/04 23:50:36 | 000,016,330 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/04 23:50:36 | 000,016,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/04/04 14:44:58 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\j638u7q3443b5j
[2011/04/04 12:25:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/03 19:45:04 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\j638u7q3443b5j
[2011/04/03 19:45:04 | 000,016,524 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\j638u7q3443b5j
[2011/03/24 18:43:35 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2011/03/23 02:43:19 | 000,017,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1567659143
[2011/03/23 02:43:19 | 000,017,948 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r
[2011/03/23 02:20:33 | 000,017,960 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r
[2011/03/23 02:20:33 | 000,017,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r
[2011/03/11 21:53:58 | 000,014,808 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\1799715130
[2011/03/11 21:53:58 | 000,014,808 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1799715130
[2010/10/05 18:08:23 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/05 18:03:22 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/09 06:35:44 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/21 21:25:26 | 000,157,428 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2008/12/21 21:25:26 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2008/04/03 22:59:47 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/04/03 22:59:39 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2008/01/27 11:23:47 | 000,020,751 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2008/01/27 11:23:47 | 000,016,629 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2008/01/26 22:25:39 | 000,020,751 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/01/26 22:25:39 | 000,016,629 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/02/18 11:24:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/11 17:03:42 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/10/29 18:10:49 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/29 14:59:19 | 000,009,198 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/10/29 14:09:49 | 000,002,770 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/29 12:56:39 | 000,595,968 | ---- | C] () -- C:\WINDOWS\System32\WatchPower.exe
[2006/10/29 12:56:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PowerOff.exe
[2006/10/28 20:26:20 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 19:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 18:49:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/19 18:45:16 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/19 18:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 18:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 18:41:13 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 18:29:45 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/19 18:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 18:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 18:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 18:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 18:21:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/19 18:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 18:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 18:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 17:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 17:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 17:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 07:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/02 18:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/08/30 17:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 17:07:46 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 17:07:46 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 17:05:30 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 17:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 16:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 17:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 17:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 17:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 17:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 17:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 17:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 17:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 03:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/09 01:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/08/23 04:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D29BF00
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Extras.txt

OTL Extras logfile created on: 5/10/2011 8:01:16 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 55.52 Gb Free Space | 19.20% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.62 Gb Free Space | 6.97% Space Free | Partition Type: FAT32

Computer Name: LORIEN | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
"3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\WINDOWS\system32\pdh32.exe" = C:\WINDOWS\system32\pdh32.exe:*:Enabled:Windows Update Service -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:aim.exe -- (America Online, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Disabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\WINDOWS\system32\pdh32.exe" = C:\WINDOWS\system32\pdh32.exe:*:Enabled:Windows Update Service -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57A7B53-0662-4AC0-9352-2AE2D8212A9F}" = Garmin Communicator Plugin
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Instant Messenger" = AOL Instant Messenger
"Audacity_is1" = Audacity 1.2.2
"avast" = avast! Free Antivirus
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Cambridge DesignScape Visualizer_is1" = Cambridge DesignScape Visualizer 4.4.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"DISCover" = DISCover
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD X Rescue" = DVD X Rescue
"DVDXCopyPlatinum" = DVDXCopy Platinum 3.2.1
"EHome Devices" = Media Center Extender
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImgBurn" = ImgBurn
"Install WeatherBug" = Remove WeatherBug Installer
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Rhapsody" = Rhapsody
"Shop for HP Supplies" = Shop for HP Supplies
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"SoundCheck_is1" = SoundCheck V3.0
"VLC media player" = VLC media player 1.1.9
"WildTangent hpmedia Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2011 1:44:13 PM | Computer Name = LORIEN | Source = SecurityCenter | ID = 1803
Description = The Windows Security Center Service was unable to load instances of
FirewallProduct from WMI.

Error - 5/6/2011 1:44:13 PM | Computer Name = LORIEN | Source = SecurityCenter | ID = 1804
Description = The Windows Security Center Service was unable to load instances of
AntiVirusProduct from WMI.

Error - 5/6/2011 8:05:55 PM | Computer Name = LORIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/6/2011 8:05:55 PM | Computer Name = LORIEN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/6/2011 8:44:30 PM | Computer Name = LORIEN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00020a30.

Error - 5/7/2011 11:28:55 AM | Computer Name = LORIEN | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceOperationEvent WHERE
TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct'"
could not be (re)activated in namespace "//./ROOT/SecurityCenter" because of error
0x80041010. Events may not be delivered through this filter until the problem is
corrected.

Error - 5/7/2011 11:28:55 AM | Computer Name = LORIEN | Source = SecurityCenter | ID = 1803
Description = The Windows Security Center Service was unable to load instances of
FirewallProduct from WMI.

Error - 5/7/2011 11:28:55 AM | Computer Name = LORIEN | Source = SecurityCenter | ID = 1804
Description = The Windows Security Center Service was unable to load instances of
AntiVirusProduct from WMI.

Error - 5/8/2011 10:51:43 AM | Computer Name = LORIEN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2011 10:51:48 AM | Computer Name = LORIEN | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 2.0.1.4120, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ Media Center Events ]
Error - 9/20/2008 6:09:40 PM | Computer Name = LORIEN | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 9/20/2008 6:09:40 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 5/7/2011 11:28:56 AM | Computer Name = LORIEN | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/7/2011 11:30:25 AM | Computer Name = LORIEN | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 5/7/2011 11:14:53 PM | Computer Name = LORIEN | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 5/7/2011 11:15:00 PM | Computer Name = LORIEN | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 5/7/2011 11:15:07 PM | Computer Name = LORIEN | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 5/7/2011 11:15:14 PM | Computer Name = LORIEN | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 5/7/2011 11:15:21 PM | Computer Name = LORIEN | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 5/9/2011 12:27:06 AM | Computer Name = LORIEN | Source = Service Control Manager | ID = 7034
Description = The QoS RSVP service terminated unexpectedly. It has done this 1
time(s).

Error - 5/9/2011 12:27:10 AM | Computer Name = LORIEN | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 5/9/2011 12:27:15 AM | Computer Name = LORIEN | Source = Service Control Manager | ID = 7023
Description = The avast! Antivirus service terminated with the following error:
%%127


< End of report >

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 May 2011 - 06:56 AM

Hi!

GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :OTL
    SRV - [2011/05/07 11:53:53 | 000,774,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\pdh32.exe -- (RSVP32)
    FF - prefs.js..network.proxy.type: 4
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
    O2 - BHO: (56cd4f61) - {C9417B74-3F54-6C0C-A4E2-A460D5671452} - C:\WINDOWS\system32\mfc7132.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - File not found
    O3 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - File not found
    O4 - HKLM..\Run: [avast] File not found
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    [2011/05/01 15:50:15 | 000,000,000 | ---D | C] -- C:\Windows Recovery
    [2011/04/29 23:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bL28611NkCeF28611
    [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]
    [2011/05/07 11:53:57 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\1544554563
    [2011/05/07 11:53:56 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\mfc7132.dll
    [2011/05/07 11:53:54 | 000,347,648 | ---- | M] () -- C:\WINDOWS\System32\avicap3232.dll
    [2011/05/07 11:53:53 | 000,774,656 | ---- | M] () -- C:\WINDOWS\System32\pdh32.exe
    [2011/05/07 11:53:53 | 000,774,656 | ---- | M] () -- C:\WINDOWS\System32\kdcom32.exe
    [2011/05/01 19:46:20 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\null0
    [2011/05/01 15:50:17 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~13819700r
    [2011/05/01 15:50:17 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~13819700
    [2011/05/01 15:50:13 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\13819700
    [2011/04/28 23:51:20 | 000,065,024 | ---- | M] () -- C:\WINDOWS\System32\nlsfya64.dll
    [2011/04/27 11:40:27 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\nlsfycfg.dll
    [2011/04/13 22:56:19 | 000,013,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
    [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\HP_Administrator\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]
    [2011/05/07 11:53:55 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\1544554563
    [2011/05/01 19:46:20 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\null0
    [2011/05/01 15:50:17 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~13819700r
    [2011/05/01 15:50:17 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~13819700
    [2011/05/01 15:50:13 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\13819700
    [2011/04/28 23:51:10 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\nlsfya64.dll
    [2011/04/27 11:40:27 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\nlsfycfg.dll
    [2011/04/08 08:41:28 | 000,013,678 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\8b2703d6w31732awm2mipwed7
    [2011/04/08 08:41:28 | 000,013,678 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
    [2011/04/04 23:50:36 | 000,016,330 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
    [2011/04/04 23:50:36 | 000,016,330 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
    [2011/04/04 14:44:58 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\j638u7q3443b5j
    [2011/04/03 19:45:04 | 000,016,536 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\j638u7q3443b5j
    [2011/04/03 19:45:04 | 000,016,524 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\j638u7q3443b5j
    [2011/03/23 02:43:19 | 000,017,960 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1567659143
    [2011/03/23 02:43:19 | 000,017,948 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r
    [2011/03/23 02:20:33 | 000,017,960 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r
    [2011/03/23 02:20:33 | 000,017,948 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r
    [2011/03/11 21:53:58 | 000,014,808 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\1799715130
    [2011/03/11 21:53:58 | 000,014,808 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1799715130
    
    :Reg
    
    :Files
    type "C:\ComboFix.txt" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
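As an added illustration of how a responder can triage the file entries in an OTL fix script like the one above (example code added here; it is not part of the thread and not the OTL tool's own code), the following Python parses the `[date | size | attrs | M] (company) -- path` lines and applies three review heuristics: hidden+system attributes, PE files in System32 with an empty company field, and extensionless random-looking names under Application Data. The sample lines are copied from the script above, except the aswBoot.exe line, which is a constructed benign entry so the heuristics have something to leave alone. The flags are prioritisation hints, not verdicts.

```python
"""Triage of OTL fix-script file entries.

Added example: this is not code from the thread, and not the OTL tool's own
code. It parses the "[date | size | attrs | M] (company) -- path" lines that
appear in the fix script above and flags the entries a responder would look
at first. The flags are heuristics for prioritising review, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# Sample input: the first six lines are copied from the fix script in the
# thread; the aswBoot.exe line is a constructed benign entry (company field
# filled in) so that the heuristics have something to leave alone.
SAMPLE = r"""
SRV - [2011/05/07 11:53:53 | 000,774,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\pdh32.exe -- (RSVP32)
[2011/05/07 11:53:56 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\mfc7132.dll
[2011/05/07 11:53:53 | 000,774,656 | ---- | M] () -- C:\WINDOWS\System32\pdh32.exe
[2011/04/13 22:56:19 | 000,013,678 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7
[2011/05/01 15:50:17 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~13819700r
[2011/04/04 23:50:36 | 000,016,330 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q
[2011/05/02 23:08:14 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
"""

# One file entry: timestamp | size | 4-char attribute field | M (modified) or
# C (created) listing, then the file's company resource in parentheses and
# the path. SRV/FF/O2/O3 lines use other layouts and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Heuristic: 8+ chars of letters/digits/tilde with at least one digit and no
# extension, like the dropper artefacts in the script above.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9~]{8,}$", re.IGNORECASE)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "-HS-" = hidden + system, "---D" = directory
    kind: str       # "M" = modified-date listing, "C" = created-date listing
    company: str    # company/version resource; empty for "()"
    path: str


def parse_entries(text: str) -> list[Entry]:
    """Parse every file-entry line in an OTL fix script; other lines are ignored."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Map path -> reasons for the entries a responder should review first."""
    flagged: dict[str, list[str]] = {}
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        lower = e.path.lower()
        reasons: list[str] = []
        if "H" in e.attrs and "S" in e.attrs:
            reasons.append("hidden+system attributes")
        if (lower.startswith("c:\\windows\\system32\\")
                and ext in {"exe", "dll", "sys"} and not e.company):
            reasons.append("PE file in System32 with no company/version resource")
        if ("\\application data\\" in lower and "D" not in e.attrs
                and RANDOM_NAME_RE.match(name)):
            reasons.append("extensionless random-looking name under Application Data")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run as a script it lists each flagged path with its reasons; the benign aswBoot.exe line is parsed but not flagged because its company field is present. The heuristics are deliberately narrow: the Application Data rule requires a digit in the name so ordinary vendor folders such as Malwarebytes are not reported.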


#5 rct11
  • Topic Starter

  • Members
  • 10 posts

Posted 11 May 2011 - 10:56 AM

Hello ST! Thank you so much for your quick reply. I ran GooredFix and OTL like you said. Here are the logs:

GooredFix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 11:46 on 11/05/2011 (HP_Administrator)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:48 06/05/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [16:18 30/12/2009]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [16:18 30/12/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:17 30/12/2009]
"{EB132DB0-A4CA-11DF-9732-0E29E0D72085}"="C:\Program Files\Object\facetheme" [17:38 12/12/2010]

-=E.O.F=-

OTL:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service RSVP32 stopped successfully!
Service RSVP32 deleted successfully!
C:\WINDOWS\system32\pdh32.exe moved successfully.
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9417B74-3F54-6C0C-A4E2-A460D5671452}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9417B74-3F54-6C0C-A4E2-A460D5671452}\ deleted successfully.
C:\WINDOWS\system32\mfc7132.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
C:\Windows Recovery folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\bL28611NkCeF28611\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1532.tmp deleted successfully.
C:\WINDOWS\System32\SET1533.tmp deleted successfully.
C:\WINDOWS\System32\SET1535.tmp deleted successfully.
C:\WINDOWS\System32\SET1588.tmp deleted successfully.
C:\WINDOWS\System32\SET158D.tmp deleted successfully.
C:\WINDOWS\System32\SET1594.tmp deleted successfully.
C:\WINDOWS\System32\SET159D.tmp deleted successfully.
C:\WINDOWS\System32\SET159E.tmp deleted successfully.
C:\WINDOWS\System32\SET159F.tmp deleted successfully.
C:\WINDOWS\System32\SET15A0.tmp deleted successfully.
C:\WINDOWS\System32\SET15A1.tmp deleted successfully.
C:\WINDOWS\System32\SET15A2.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\roncfjsnfv.tmp deleted successfully.
C:\Documents and Settings\HP_Administrator\roncfjsnfv.tmp deleted successfully.
C:\WINDOWS\system32\1544554563 moved successfully.
File C:\WINDOWS\System32\mfc7132.dll not found.
C:\WINDOWS\system32\avicap3232.dll moved successfully.
File C:\WINDOWS\System32\pdh32.exe not found.
C:\WINDOWS\system32\kdcom32.exe moved successfully.
C:\WINDOWS\system32\null0 moved successfully.
C:\Documents and Settings\All Users\Application Data\~13819700r moved successfully.
C:\Documents and Settings\All Users\Application Data\~13819700 moved successfully.
C:\Documents and Settings\All Users\Application Data\13819700 moved successfully.
C:\WINDOWS\system32\nlsfya64.dll moved successfully.
C:\WINDOWS\system32\nlsfycfg.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7 moved successfully.
File C:\WINDOWS\System32\1544554563 not found.
File C:\WINDOWS\System32\null0 not found.
File C:\Documents and Settings\All Users\Application Data\~13819700r not found.
File C:\Documents and Settings\All Users\Application Data\~13819700 not found.
File C:\Documents and Settings\All Users\Application Data\13819700 not found.
File C:\WINDOWS\System32\nlsfya64.dll not found.
File C:\WINDOWS\System32\nlsfycfg.dll not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\8b2703d6w31732awm2mipwed7 moved successfully.
File C:\Documents and Settings\All Users\Application Data\8b2703d6w31732awm2mipwed7 not found.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q moved successfully.
C:\Documents and Settings\All Users\Application Data\c1v7b2004pcko3q46sg5by81ek78o4q moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\j638u7q3443b5j moved successfully.
C:\Documents and Settings\All Users\Application Data\j638u7q3443b5j moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\j638u7q3443b5j moved successfully.
C:\Documents and Settings\All Users\Application Data\1567659143 moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r moved successfully.
C:\Documents and Settings\All Users\Application Data\f78v4p5x5s0g3t1w47316ljd50m8r moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\1799715130 moved successfully.
C:\Documents and Settings\All Users\Application Data\1799715130 moved successfully.
========== REGISTRY ==========
========== FILES ==========
< type "C:\ComboFix.txt" /c >
ComboFix 11-05-06.03 - HP_Administrator 05/07/2011 11:31:49.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1551 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 02:54 . 2011-05-07 02:55 -------- d-----w- C:\32788R22FWJFW
2011-05-06 22:31 . 2011-05-07 00:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2011-05-06 22:30 . 2011-05-06 22:30 -------- d-----w- c:\program files\VideoLAN
2011-05-06 14:52 . 2011-05-06 14:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-05 17:54 . 2011-05-05 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-05 16:27 . 2011-05-05 16:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-04 22:34 . 2011-05-04 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2011-05-04 22:34 . 2011-05-04 22:34 -------- d-----w- c:\program files\SoundCheck
2011-05-04 20:37 . 2011-05-04 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-04 20:37 . 2011-05-04 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-04 20:11 . 2011-05-04 20:11 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-05-04 20:06 . 2011-05-04 20:06 -------- d-----w- c:\program files\MagicISO
2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ImgBurn
2011-05-04 20:01 . 2011-05-04 20:01 -------- d-----w- c:\program files\ImgBurn
2011-05-04 20:01 . 2003-06-18 21:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-05-04 20:01 . 2003-06-18 21:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-05-04 20:00 . 2011-05-04 20:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-04 19:58 . 2011-05-04 20:00 -------- d-----w- c:\windows\SHELLNEW
2011-05-04 19:58 . 2011-05-04 19:58 -------- d-----w- c:\program files\Microsoft.NET
2011-05-04 19:57 . 2011-05-04 19:57 -------- d-----r- C:\MSOCache
2011-05-04 15:47 . 2011-05-04 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-05-04 15:47 . 2011-05-04 15:47 -------- d-----w- c:\program files\DVD Shrink
2011-05-03 19:04 . 2009-08-26 08:16 247326 ----a-w- c:\windows\system32\strmdll.dll
2011-05-03 19:04 . 2004-08-09 21:00 92672 ----a-w- c:\windows\system32\drmstor.dll
2011-05-03 19:04 . 2004-08-09 21:00 343040 ----a-w- c:\windows\system32\msvcrt.dll
2011-05-03 19:04 . 2009-09-01 14:32 282654 ----a-w- c:\windows\system32\msaud32.acm
2011-05-03 19:04 . 2004-08-09 21:00 246272 ----a-w- c:\windows\system32\drmclien.dll
2011-05-03 19:04 . 2011-05-03 20:15 -------- d-----w- c:\program files\Winamp
2011-05-03 03:48 . 2011-05-03 03:48 -------- d-----w- C:\NVIDIA
2011-05-02 23:16 . 2011-05-02 23:16 -------- d-----w- c:\program files\CCleaner
2011-05-02 23:08 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 23:08 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-02 23:08 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-02 23:08 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-02 23:08 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-02 23:08 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-02 23:08 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-02 23:08 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-02 23:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-02 23:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-02 23:07 . 2011-05-02 23:07 -------- d-----w- c:\program files\AVAST Software
2011-05-02 23:07 . 2011-05-02 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-02 22:43 . 2011-05-02 22:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
2011-05-02 22:38 . 2011-05-02 22:38 -------- d-----w- c:\program files\Lavalys
2011-05-02 22:03 . 2011-05-02 22:03 1409 ----a-w- c:\windows\QTFont.for
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-01 22:32 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 20:04 . 2011-05-01 20:04 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-05-01 19:50 . 2011-05-01 19:50 -------- d-----w- C:\Windows Recovery
2011-05-01 12:07 . 2011-05-01 12:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-30 03:20 . 2011-05-02 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\bL28611NkCeF28611
2011-04-29 03:51 . 2011-04-29 03:51 65024 ----a-w- c:\windows\system32\nlsfya64.dll
2011-04-27 15:40 . 2011-04-27 15:40 59904 ----a-w- c:\windows\system32\nlsfycfg.dll
2011-04-27 14:15 . 2011-04-27 14:15 122880 --sha-r- c:\windows\system32\pxhpinsts.dll
2011-04-27 14:15 . 2011-04-27 14:15 122880 --sha-r- c:\program files\Common Files\pxhpinsts.dll
2011-04-18 18:46 . 2011-04-18 18:46 -------- d-----w- C:\spoolerlogs
2011-04-18 18:16 . 2011-04-18 18:21 60424 ----a-w- c:\program files\Mozilla Firefox\null0.5114665870461288.exe
2011-04-18 18:16 . 2011-04-18 18:16 60424 ----a-w- c:\program files\Mozilla Firefox\null0.422185024429821.exe
2011-04-08 02:15 . 2011-04-08 02:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 02:15 . 2011-04-08 02:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:15 . 2011-04-08 02:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 02:15 . 2011-04-08 02:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 02:15 . 2011-04-08 02:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 02:15 . 2011-04-08 02:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 02:15 . 2011-04-08 02:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2006-08-19 22:20 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-08-19 22:19 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-08-19 22:19 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-08-19 22:19 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-14 16:26 . 2011-05-06 00:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-06_17.44.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-07 15:28 . 2011-05-07 15:28 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
+ 2010-01-28 00:31 . 2009-08-22 06:37 43696 c:\windows\system32\drivers\srtspx.sys
+ 2010-01-28 00:31 . 2009-08-22 06:37 217136 c:\windows\system32\drivers\symtdi.sys
+ 2010-01-28 00:31 . 2009-08-22 06:37 310320 c:\windows\system32\drivers\SymEFA.sys
+ 2010-01-28 00:31 . 2010-01-28 00:31 482432 c:\windows\system32\drivers\cchpx86.sys
+ 2010-01-28 00:31 . 2009-08-22 06:37 259632 c:\windows\system32\drivers\BHDrvx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-10-05 12:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-09 21:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 09:05 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-13 20:05 16239616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-30 16:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [1/27/2010 8:31 PM 310320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 7:08 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2011 7:08 PM 307288]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [1/27/2010 8:31 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [1/27/2010 8:31 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSXpx86.sys [4/12/2010 2:48 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2011 7:08 PM 19544]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 8:31 PM 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/24/2011 6:43 PM 583640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 6:58 PM 102448]
S0 e43d3b368fd0db9619c4565b4394249f;e43d3b368fd0db9619c4565b4394249f;c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys --> c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [7/7/2007 11:09 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [7/7/2007 11:09 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [7/7/2007 11:14 AM 60816]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\LogMeIn\x86\LMIGuardianSvc.exe" --> c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
itlsvc REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-07 11:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-05-07 11:48:40
ComboFix-quarantined-files.txt 2011-05-07 15:48
ComboFix2.txt 2011-05-06 17:52
.
Pre-Run: 59,708,997,632 bytes free
Post-Run: 59,922,903,040 bytes free
.
- - End Of File - - 28EE42DCAB3EDD200783259199D50E78
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26631265 bytes
->FireFox cache emptied: 36613884 bytes
->Flash cache emptied: 2064 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 1451 bytes
->Temporary Internet Files folder emptied: 2271201 bytes
->Java cache emptied: 319923875 bytes
->FireFox cache emptied: 27083397 bytes
->Flash cache emptied: 13034 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 11266 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 21000258 bytes
->Java cache emptied: 5173 bytes
->Flash cache emptied: 61525 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75183 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 155928977 bytes

Total Files Cleaned = 562.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05112011_114744

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JETEFCE.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_37c.dat not found!

Registry entries deleted on Reboot...

#6 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:57 AM

Posted 11 May 2011 - 01:25 PM

Hi!

How are things currently running with your computer?

The main infection that you were infected with is called TDL4.

See the snippet of text below:

\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 rct11 (Topic Starter)

  • Members
  • 10 posts
  • Local time:06:57 AM

Posted 13 May 2011 - 10:15 PM

Hello, TS!

I am out of town, so I instructed my sister to follow your instructions. The logs for MBAM and ESET are below. She told me that the Security Check did not give her a log. I will tell her tomorrow to look in the appropriate folder for it.

As far as the computer's running, it has been running fine except for one problem that I do not believe has occurred since you started instructing me. Basically, sometimes the computer will fail to start up properly, regardless of which setting (safe mode, safe mode with networking, etc.) is selected. When I choose to disable automatic restarting on system failure, the BSOD that shows up says that atapi.sys is not loading properly. If I enter System Recovery and then restart, the computer loads normally. Like I said, though, I am not sure if this is a problem anymore.

Thank you so much for bearing with me and thank you for your help. The two logs I mentioned are below.

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6563

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

5/12/2011 8:06:39 PM
mbam-log-2011-05-12 (20-06-32).txt

Scan type: Quick scan
Objects scanned: 163577
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\02000000ae754bb71270c.manifest (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\02000000ae754bb71270o.manifest (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\02000000ae754bb71270p.manifest (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\02000000ae754bb71270s.manifest (Malware.Trace) -> No action taken.


ESET:

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Documents and Settings\Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\Administrator\Desktop\GooredFix Backups\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-15821315 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-64c96826 a variant of Java/TrojanDownloader.OpenStream.NBV trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\3c30cc87-3cd9e02c multiple threats
C:\Documents and Settings\HP_Administrator\Desktop\Documents\dvdxcopy\321_Studios_DVD_X_COPY_Platinum\dvdxcopypkeymaker.exe a variant of Win32/Keygen.AF application
C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Program Files\Mozilla Firefox\null0.422185024429821.exe a variant of Win32/Kryptik.MXO trojan
C:\Program Files\Mozilla Firefox\null0.5114665870461288.exe a variant of Win32/Kryptik.MXO trojan
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0021361.exe Win32/Adware.SecurityEssentials.AB application
C:\_OTL\MovedFiles\05112011_114744\C_WINDOWS\system32\avicap3232.dll a variant of Win32/Kryptik.NHY trojan
C:\_OTL\MovedFiles\05112011_114744\C_WINDOWS\system32\nlsfya64.dll a variant of Win32/Kryptik.MKB trojan
C:\_OTL\MovedFiles\05112011_114744\C_WINDOWS\system32\nlsfycfg.dll a variant of Win32/Kryptik.MKB trojan

#8 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:57 AM

Posted 14 May 2011 - 09:44 AM

Hi!

I need for you to re-run MBAM and take action against those entries that were detected by MBAM.

In regards to SecurityCheck, if you can't find the SecurityCheck log, you can just re-run the tool to generate a new log.

Also, I'm going to ask that you submit some files for me, so that I can analyze them further. You're under no obligation to do so, but doing so will help to improve the tools we use to combat these infections.

Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::info::http://www.bleepingcomputer.com/forums/topic395531.html/page__view__findpost__p__2246909
    ::bleeping::102
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar
    C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest
    C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar
    C:\Program Files\Mozilla Firefox\null0.422185024429821.exe
    C:\Program Files\Mozilla Firefox\null0.5114665870461288.exe
    
  • Then, just click the Zip button.
  • When finished, and if successful, it should automatically submit a file for me, so that it may be analyzed further. You should also see that a new .zip file has been created on your Desktop. You will be notified of what the file name is when the process has been completed.


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest
    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar
    C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest
    C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar
    C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-15821315
    C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-64c96826
    C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\3c30cc87-3cd9e02c
    C:\Documents and Settings\HP_Administrator\Desktop\Documents\dvdxcopy\321_Studios_DVD_X_COPY_Platinum\dvdxcopypkeymaker.exe
    C:\Program Files\Mozilla Firefox\null0.422185024429821.exe
    C:\Program Files\Mozilla Firefox\null0.5114665870461288.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Edited by SweetTech, 14 May 2011 - 09:46 AM.



#9 rct11 (Topic Starter)

  • Members
  • 10 posts
  • Local time:06:57 AM

Posted 15 May 2011 - 06:55 PM

Hello TS,

I ran MBAM and removed the problems. I re-ran Security Check and the log is below. In order to run ZipIt, I had to update .Net Framework to v2.0.50727. I did this and ran ZipIt, then ran the OTL fix you posted, and the log of that is below.

Upon restarting after MBAM ran, I did get stuck in the boot failure thing I mentioned above, which gives the BSOD and references atapi.sys. This did not happen on the restart after OTL, though. However, a few popups did occur before I did any of the steps mentioned in this post.

Thank you so much so far, ST! I don't know what I'd do without your help!

Security Check log:


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
ESET Online Scanner v3
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 7.0.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````




OTL Log:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\064qru3b.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-15821315 moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\62\60d9c47e-64c96826 moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\3c30cc87-3cd9e02c moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Documents\dvdxcopy\321_Studios_DVD_X_COPY_Platinum\dvdxcopypkeymaker.exe moved successfully.
C:\Program Files\Mozilla Firefox\null0.422185024429821.exe moved successfully.
C:\Program Files\Mozilla Firefox\null0.5114665870461288.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Administrator
->Temp folder emptied: 5105275 bytes
->Temporary Internet Files folder emptied: 13854010 bytes
->Java cache emptied: 420 bytes
->FireFox cache emptied: 34726616 bytes
->Flash cache emptied: 4654 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26158799 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 957 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46610 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: HP_Administrator
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05152011_194704

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JETD0FC.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_378.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_c94.dat moved successfully.

Registry entries deleted on Reboot...
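An added example (Python; not from the thread, from ESET or from OTL's author) that reconciles the ESET detections in post #7 with the "moved successfully." lines of the OTL fix log in post #9, so a helper can see at a glance which flagged paths were actually quarantined and which still need a separate step (restore-point copies, GooredFix backup copies, files already sitting in C:\_OTL). The line formats are inferred from the logs above; the sample input is trimmed from those logs, with one Firefox path deliberately left out of the OTL sample to show an unresolved case.

```python
"""Reconcile ESET Online Scanner detections against an OTL fix log."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Status labels returned by classify()
QUARANTINED = "quarantined by this OTL fix"
ALREADY_IN_OTL = "already in OTL quarantine (C:\\_OTL); remove at final cleanup"
RESTORE_POINT = "restore-point copy; cleared when System Restore is flushed"
BACKUP_COPY = "GooredFix backup copy; delete the backup folder"
NOT_REMEDIATED = "NOT remediated: still present, add to next fix"

# A Family/Name verdict token such as Win32/Kryptik.MXO or JS/Agent.NDB.
_FAMILY = re.compile(r"^[A-Za-z0-9]+/[\w.\-]+$")
_MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")


@dataclass(frozen=True)
class Detection:
    path: str
    verdict: str


def parse_eset_line(line: str) -> Optional[Detection]:
    """Split an ESET log line into path and verdict.

    Paths contain spaces ("Documents and Settings"), so the split point is
    the first token that can only belong to the verdict column: a
    Family/Name token, "a variant of ...", or "multiple threats".
    """
    toks = line.strip().split(" ")
    for i in range(1, len(toks)):
        if (_FAMILY.match(toks[i])
                or toks[i:i + 3] == ["a", "variant", "of"]
                or toks[i:i + 2] == ["multiple", "threats"]):
            return Detection(" ".join(toks[:i]), " ".join(toks[i:]))
    return None  # header, blank or otherwise non-detection line


def parse_otl_moved(log: str) -> Set[str]:
    """Paths OTL reported as moved, case-folded because NTFS paths are."""
    moved = set()
    for line in log.splitlines():
        m = _MOVED.match(line.strip())
        if m:
            moved.add(m.group("path").lower())
    return moved


def classify(det: Detection, moved: Set[str]) -> str:
    p = det.path.lower()
    if p in moved:
        return QUARANTINED
    if "\\_otl\\movedfiles\\" in p:
        return ALREADY_IN_OTL
    if "\\system volume information\\" in p:
        return RESTORE_POINT
    if "\\gooredfix backups\\" in p:
        return BACKUP_COPY
    return NOT_REMEDIATED


def reconcile(eset_log: str, otl_log: str) -> Dict[str, str]:
    """Map every ESET-flagged path to its remediation status."""
    moved = parse_otl_moved(otl_log)
    report = {}
    for line in eset_log.splitlines():
        det = parse_eset_line(line)
        if det:
            report[det.path] = classify(det, moved)
    return report


def unresolved(report: Dict[str, str]) -> List[str]:
    return [p for p, s in report.items() if s == NOT_REMEDIATED]


# Constructed sample input: a subset of the ESET and OTL logs pasted above.
ESET_LOG = r"""
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\3c30cc87-3cd9e02c multiple threats
C:\Documents and Settings\HP_Administrator\Desktop\Documents\dvdxcopy\321_Studios_DVD_X_COPY_Platinum\dvdxcopypkeymaker.exe a variant of Win32/Keygen.AF application
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0021361.exe Win32/Adware.SecurityEssentials.AB application
C:\_OTL\MovedFiles\05112011_114744\C_WINDOWS\system32\avicap3232.dll a variant of Win32/Kryptik.NHY trojan
C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups\C\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome\xulcache.jar JS/Agent.NDB trojan
C:\Program Files\Mozilla Firefox\null0.422185024429821.exe a variant of Win32/Kryptik.MXO trojan
"""

OTL_LOG = r"""
========== FILES ==========
C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}\chrome.manifest moved successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\7\3c30cc87-3cd9e02c moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Documents\dvdxcopy\321_Studios_DVD_X_COPY_Platinum\dvdxcopypkeymaker.exe moved successfully.
< ipconfig /flushdns /c >
========== COMMANDS ==========
HOSTS file reset successfully
"""

if __name__ == "__main__":
    for path, status in reconcile(ESET_LOG, OTL_LOG).items():
        print(f"{status:<60} {path}")
```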

#10 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:07:57 AM

Posted 16 May 2011 - 08:42 AM

Hi!

This issue with the atapi.sys file is a little worrisome to me. Please run a new scan with ComboFix. It may prompt you to install a new update; if it does, please allow it to do so.



#11 rct11 (Topic Starter)

  • Members
  • 10 posts
  • Local time:06:57 AM

Posted 16 May 2011 - 10:02 AM

Hello, ST!

I updated and ran ComboFix. Here's the log:


ComboFix 11-05-15.04 - HP_Administrator 05/16/2011 10:46:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1387 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-15 23:25 . 2011-05-15 23:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Symantec
2011-05-13 00:08 . 2011-05-13 00:08 -------- d-----w- c:\program files\ESET
2011-05-11 15:47 . 2011-05-11 15:47 -------- d-----w- C:\_OTL
2011-05-06 22:31 . 2011-05-07 00:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2011-05-06 22:30 . 2011-05-06 22:30 -------- d-----w- c:\program files\VideoLAN
2011-05-06 14:52 . 2011-05-06 14:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-05 17:54 . 2011-05-05 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-05 16:27 . 2011-05-05 16:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-04 22:34 . 2011-05-04 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2011-05-04 22:34 . 2011-05-04 22:34 -------- d-----w- c:\program files\SoundCheck
2011-05-04 20:37 . 2011-05-04 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-04 20:37 . 2011-05-04 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-04 20:11 . 2011-05-04 20:11 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-05-04 20:06 . 2011-05-04 20:06 -------- d-----w- c:\program files\MagicISO
2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ImgBurn
2011-05-04 20:01 . 2011-05-04 20:01 -------- d-----w- c:\program files\ImgBurn
2011-05-04 20:01 . 2003-06-18 21:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-05-04 20:01 . 2003-06-18 21:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-05-04 20:00 . 2011-05-04 20:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-04 19:58 . 2011-05-04 20:00 -------- d-----w- c:\windows\SHELLNEW
2011-05-04 19:58 . 2011-05-04 19:58 -------- d-----w- c:\program files\Microsoft.NET
2011-05-04 19:57 . 2011-05-04 19:57 -------- d-----r- C:\MSOCache
2011-05-04 15:47 . 2011-05-08 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-05-04 15:47 . 2011-05-04 15:47 -------- d-----w- c:\program files\DVD Shrink
2011-05-03 19:04 . 2009-08-26 08:16 247326 ----a-w- c:\windows\system32\strmdll.dll
2011-05-03 19:04 . 2004-08-09 21:00 92672 ----a-w- c:\windows\system32\drmstor.dll
2011-05-03 19:04 . 2004-08-09 21:00 343040 ----a-w- c:\windows\system32\msvcrt.dll
2011-05-03 19:04 . 2009-09-01 14:32 282654 ----a-w- c:\windows\system32\msaud32.acm
2011-05-03 19:04 . 2004-08-09 21:00 246272 ----a-w- c:\windows\system32\drmclien.dll
2011-05-03 19:04 . 2011-05-03 20:15 -------- d-----w- c:\program files\Winamp
2011-05-03 03:48 . 2011-05-03 03:48 -------- d-----w- C:\NVIDIA
2011-05-02 23:16 . 2011-05-02 23:16 -------- d-----w- c:\program files\CCleaner
2011-05-02 23:08 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 23:08 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-02 23:08 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-02 23:08 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-02 23:08 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-02 23:08 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-02 23:08 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-02 23:08 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-02 23:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-02 23:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-02 23:07 . 2011-05-02 23:07 -------- d-----w- c:\program files\AVAST Software
2011-05-02 23:07 . 2011-05-02 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-02 22:43 . 2011-05-02 22:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
2011-05-02 22:38 . 2011-05-02 22:38 -------- d-----w- c:\program files\Lavalys
2011-05-02 22:03 . 2011-05-02 22:03 1409 ----a-w- c:\windows\QTFont.for
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-01 22:32 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 20:04 . 2011-05-01 20:04 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-05-01 12:07 . 2011-05-01 12:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-30 03:20 . 2011-05-02 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\bL28611NkCeF28611
2011-04-27 14:15 . 2011-04-27 14:15 122880 --sha-r- c:\windows\system32\pxhpinsts.dll
2011-04-27 14:15 . 2011-04-27 14:15 122880 --sha-r- c:\program files\Common Files\pxhpinsts.dll
2011-04-18 18:46 . 2011-04-18 18:46 -------- d-----w- C:\spoolerlogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2006-08-19 22:20 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-08-19 22:19 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-08-19 22:19 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-08-19 22:19 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-08 02:15 . 2011-04-08 02:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 02:15 . 2011-04-08 02:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:15 . 2011-04-08 02:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 02:15 . 2011-04-08 02:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 02:15 . 2011-04-08 02:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 02:15 . 2011-04-08 02:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 02:15 . 2011-04-08 02:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-14 16:26 . 2011-05-06 00:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-06_17.44.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-15 23:48 . 2011-05-15 23:48 16384 c:\windows\Temp\Perflib_Perfdata_454.dat
+ 2005-08-30 21:07 . 2011-05-15 23:45 63220 c:\windows\system32\perfc009.dat
+ 2005-09-23 11:28 . 2005-09-23 11:28 74240 c:\windows\system32\mscories.dll
+ 2010-01-28 00:31 . 2009-08-22 06:37 43696 c:\windows\system32\drivers\srtspx.sys
+ 2005-09-23 11:28 . 2005-09-23 11:28 83456 c:\windows\system32\dfshim.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 11:28 . 2005-09-23 11:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 11:29 . 2005-09-23 11:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 10:36 . 2005-09-23 10:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 10:29 . 2005-09-23 10:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 10:30 . 2005-09-23 10:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 10:46 . 2005-09-23 10:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 10:46 . 2005-09-23 10:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 10:46 . 2005-09-23 10:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 10:44 . 2005-09-23 10:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 10:42 . 2005-09-23 10:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 10:40 . 2005-09-23 10:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 10:40 . 2005-09-23 10:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 10:40 . 2005-09-23 10:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 10:38 . 2005-09-23 10:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 10:38 . 2005-09-23 10:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 07:46 . 2005-09-23 07:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 10:36 . 2005-09-23 10:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 10:34 . 2005-09-23 10:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 10:34 . 2005-09-23 10:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 10:34 . 2005-09-23 10:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 10:32 . 2005-09-23 10:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 10:29 . 2005-09-23 10:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 55488 c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2011-05-16 01:29 . 2011-05-16 01:29 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\ddf1fb567e52f24cab674cb0fd4e1b77\Microsoft.Build.Framework.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\762b25d34ed25249a07b21eeedc40acd\dfsvc.ni.exe
+ 2011-05-16 01:29 . 2011-05-16 01:29 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d8617a9b36e3af419a896017db4bfd04\Accessibility.ni.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-05-15 23:42 . 2011-05-15 23:42 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-05-15 23:42 . 2011-05-15 23:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-08-30 21:07 . 2011-05-15 23:45 402736 c:\windows\system32\perfh009.dat
+ 2005-09-23 11:28 . 2005-09-23 11:28 150016 c:\windows\system32\mscorier.dll
+ 2010-01-28 00:31 . 2009-08-22 06:37 217136 c:\windows\system32\drivers\symtdi.sys
+ 2010-01-28 00:31 . 2009-08-22 06:37 310320 c:\windows\system32\drivers\SymEFA.sys
+ 2010-01-28 00:31 . 2010-01-28 00:31 482432 c:\windows\system32\drivers\cchpx86.sys
+ 2010-01-28 00:31 . 2009-08-22 06:37 259632 c:\windows\system32\drivers\BHDrvx86.sys
+ 2005-09-23 11:28 . 2005-09-23 11:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 11:57 . 2005-09-23 11:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 11:01 . 2005-09-23 11:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\7dbc7ee8233fb1479a60a5af6d6bdf27\System.Web.RegularExpressions.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\399b52a95173a34aa592f1c8af2cd256\System.Transactions.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\86f7f0a233fcde4a87a00e657eb1cfa7\System.Security.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\714f4e1ff0587d4391f3ccf3a659544b\System.EnterpriseServices.Wrapper.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\714f4e1ff0587d4391f3ccf3a659544b\System.EnterpriseServices.ni.dll
+ 2011-05-15 23:44 . 2011-05-15 23:44 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\6bc9b5b548cd474fa0b30229540b1eeb\System.Drawing.Design.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b2de75ddb913004db834f128d14483b0\System.DirectoryServices.Protocols.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 962560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3de1bb6faf319d419ddb0317894868c1\System.Configuration.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f3fa19a4b5724241a4769f3e87ec76f0\Microsoft.Build.Utilities.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\89da2a94495c694790883e8a2120aa63\Microsoft.Build.Engine.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\92fb8465a50799409c6b0fe4ad6d2a83\CustomMarshalers.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\d390dbe68a40104a93516c75b20eb5cd\AspNetMMCExt.ni.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 1306624 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 1140920 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 2035712 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5316608 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 3018752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 2878976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5615616 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 4308992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 2109440 c:\windows\Installer\2ae26.msi
+ 2011-05-15 23:44 . 2011-05-15 23:44 8093696 c:\windows\assembly\NativeImages_v2.0.50727_32\System\4525fb45421b8e4f9d4c85ed2714f641\System.ni.dll
+ 2011-05-15 23:44 . 2011-05-15 23:44 5640192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\31a23bf04b691f448f14a2ea3324b559\System.Xml.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 1945600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\35cb119133fe544da2f251c7fdb0bd17\System.Web.Services.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 2310144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\f9209b62af3dec4dbe1f9969fdb33444\System.Web.Mobile.ni.dll
+ 2011-05-15 23:44 . 2011-05-15 23:44 1626112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ac47db5b183964cbc8e1461148d3cf8\System.Drawing.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 1220608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\33c185937b2a7140a67e106acb20b12e\System.DirectoryServices.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dc4cd74bc484d046aaecde5967efdfde\System.Deployment.ni.dll
+ 2011-05-15 23:44 . 2011-05-15 23:44 6688768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\83cb47155961114fbe8d2c5e46e86b59\System.Data.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\66974d014e7ab3429858abc03c553baf\Microsoft.VisualBasic.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 1691648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c61337d0a8e1fb40874ac887547b9bfa\Microsoft.Build.Tasks.ni.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 5316608 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 5025792 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-05-15 23:43 . 2011-05-15 23:43 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2005-09-23 11:48 . 2005-09-23 11:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi
+ 2011-05-15 23:44 . 2011-05-15 23:44 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0ac5ec43ed42e8489f255274f4092f72\System.Windows.Forms.ni.dll
+ 2011-05-16 01:29 . 2011-05-16 01:29 11808768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a9d8eccf93699a42b289347dbc3554a2\System.Web.ni.dll
+ 2011-05-15 23:45 . 2011-05-15 23:45 10723328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9786e19f56cdd247a45c11715e623d95\System.Design.ni.dll
+ 2011-05-15 23:43 . 2011-05-15 23:44 11411456 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\404e4ebf470a5940895f2d6366ee8cb0\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-10-05 12:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-09 21:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 09:05 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-13 20:05 16239616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-30 16:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [1/27/2010 8:31 PM 310320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 7:08 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2011 7:08 PM 307288]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [1/27/2010 8:31 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [1/27/2010 8:31 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSXpx86.sys [4/12/2010 2:48 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2011 7:08 PM 19544]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 8:31 PM 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/24/2011 6:43 PM 583640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 6:58 PM 102448]
S0 cwtmdje;cwtmdje;c:\windows\system32\drivers\dtuf.sys --> c:\windows\system32\drivers\dtuf.sys [?]
S0 e43d3b368fd0db9619c4565b4394249f;e43d3b368fd0db9619c4565b4394249f;c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys --> c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [7/7/2007 11:09 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [7/7/2007 11:09 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [7/7/2007 11:14 AM 60816]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\LogMeIn\x86\LMIGuardianSvc.exe" --> c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
itlsvc REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01C5DDE3-3B32-4DAF-B31D-2AC927A88906} - c:\windows\system32\avicap3232.dll
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 10:57
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-16 11:00:45
ComboFix-quarantined-files.txt 2011-05-16 15:00
ComboFix2.txt 2011-05-07 15:48
ComboFix3.txt 2011-05-06 17:52
.
Pre-Run: 59,856,871,424 bytes free
Post-Run: 59,827,191,808 bytes free
.
- - End Of File - - 8990371A034EE76983BD5AB9DD7D3F2B





Thanks again!

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:57 AM

Posted 16 May 2011 - 10:09 AM

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Filelook::
C:\WINDOWS\system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\dllcache\atapi.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Edited by SweetTech, 16 May 2011 - 10:11 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
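The `Filelook::` directive in the script above makes ComboFix print one block per file (a `--- path ---` header followed by `Key: value` lines) for both the live driver `c:\windows\system32\DRIVERS\atapi.sys` and its protected copy in `system32\dllcache`. The reason for asking for both is that the check of interest is whether the two copies still agree on size, version and hashes; a live driver that differs from its dllcache copy is what a patched system driver looks like in this kind of log. The following parser, an added example that is not ComboFix code and not written by anyone in this thread, reads such a "Look" section and lists every field that differs between copies of the same Original Filename. The field names are taken as they appear in the log posted in this thread; the first sample reuses the two atapi.sys blocks from that log, and the mismatch sample is constructed with placeholder hashes.

```python
r"""Cross-check the ``Filelook::`` output in a ComboFix log.

Added example: not ComboFix code and not from any poster in this thread.
Groups the per-file blocks by Original Filename and reports fields that differ
between copies (live driver vs. dllcache copy).
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^--- (?P<path>.+?) ---$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+): (?P<value>.*)$")
# Fields that a driver and its dllcache copy are expected to agree on.
COMPARE_FIELDS = ("File Version", "File size", "MD5", "SHA1")

# Copied from the "Look" section of the log posted in this thread: both copies
# of atapi.sys agree, which is the expected result on a clean system.
SAMPLE_LOOK = r"""
--- c:\windows\system32\dllcache\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Original Filename: atapi.sys
File size: 95360
MD5: CDFE4411A69C224BD1D11B2DA92DAC51
SHA1: A42FBFEB5A4D94118B483D7F18113AA8C329A052
.
.
--- c:\windows\system32\DRIVERS\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Original Filename: atapi.sys
File size: 95360
MD5: CDFE4411A69C224BD1D11B2DA92DAC51
SHA1: A42FBFEB5A4D94118B483D7F18113AA8C329A052
"""

# CONSTRUCTED sample: the same dllcache block, but the live driver differs in
# size and hashes. The zeroed hashes are placeholders, not real file hashes.
_DLLCACHE_BLOCK = SAMPLE_LOOK.split(".\n.\n")[0]
SAMPLE_MISMATCH = _DLLCACHE_BLOCK + r"""
--- c:\windows\system32\DRIVERS\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Original Filename: atapi.sys
File size: 96000
MD5: 00000000000000000000000000000000
SHA1: 0000000000000000000000000000000000000000
"""


def parse_look(text):
    """Return {path: {field: value}} for every '--- path ---' block in the section."""
    blocks = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("path")
            blocks[current] = {}
            continue
        if current is None or line in ("", "."):
            continue  # separator lines ComboFix prints between blocks
        field = FIELD_RE.match(line)
        if field:
            blocks[current][field.group("key")] = field.group("value").strip()
    return blocks


def compare_copies(blocks):
    """Group blocks by Original Filename (falling back to the path's basename) and
    return [(filename, field, {path: value})] for every field that differs between
    copies. An empty list means all copies agree on the compared fields."""
    groups = defaultdict(dict)
    for path, fields in blocks.items():
        name = fields.get("Original Filename") or path.rsplit("\\", 1)[-1]
        groups[name.lower()][path] = fields
    findings = []
    for name, copies in groups.items():
        if len(copies) < 2:
            continue  # a single copy has nothing to be compared against
        for field in COMPARE_FIELDS:
            values = {path: f.get(field) for path, f in copies.items()}
            if len(set(values.values())) > 1:
                findings.append((name, field, values))
    return findings


def report(text):
    """Human-readable lines for a Look section; empty list when copies agree."""
    lines = []
    for name, field, values in compare_copies(parse_look(text)):
        lines.append(f"{name}: {field} differs between copies")
        lines.extend(f"    {path} -> {value}" for path, value in values.items())
    return lines


if __name__ == "__main__":
    for label, sample in (("posted log", SAMPLE_LOOK), ("constructed mismatch", SAMPLE_MISMATCH)):
        lines = report(sample)
        print(f"[{label}] " + ("copies agree" if not lines else "differences found"))
        print("\n".join(lines))
```

Run against the section of a real log, the script says nothing when the copies agree, which is the case for the atapi.sys blocks posted below; a size or hash difference between the DRIVERS and dllcache copies is the result that would justify the helper's follow-up.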


#13 rct11

rct11
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:57 AM

Posted 16 May 2011 - 11:35 AM

Hello ST,

Here is the ComboFix log with that script. Thank you!


ComboFix 11-05-15.04 - HP_Administrator 05/16/2011 12:02:35.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1430 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
.
.
2011-05-15 23:25 . 2011-05-15 23:25 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Symantec
2011-05-13 00:08 . 2011-05-13 00:08 -------- d-----w- c:\program files\ESET
2011-05-11 15:47 . 2011-05-11 15:47 -------- d-----w- C:\_OTL
2011-05-06 22:31 . 2011-05-07 00:07 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2011-05-06 22:30 . 2011-05-06 22:30 -------- d-----w- c:\program files\VideoLAN
2011-05-06 14:52 . 2011-05-06 14:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-05-05 17:54 . 2011-05-05 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-05-05 16:27 . 2011-05-05 16:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-04 22:34 . 2011-05-04 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PassMark
2011-05-04 22:34 . 2011-05-04 22:34 -------- d-----w- c:\program files\SoundCheck
2011-05-04 20:37 . 2011-05-04 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-04 20:37 . 2011-05-04 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-04 20:11 . 2011-05-04 20:11 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-05-04 20:06 . 2011-05-04 20:06 -------- d-----w- c:\program files\MagicISO
2011-05-04 20:04 . 2011-05-04 20:04 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ImgBurn
2011-05-04 20:01 . 2011-05-04 20:01 -------- d-----w- c:\program files\ImgBurn
2011-05-04 20:01 . 2003-06-18 21:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-05-04 20:01 . 2003-06-18 21:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-05-04 20:00 . 2011-05-04 20:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-05-04 19:58 . 2011-05-04 20:00 -------- d-----w- c:\windows\SHELLNEW
2011-05-04 19:58 . 2011-05-04 19:58 -------- d-----w- c:\program files\Microsoft.NET
2011-05-04 19:57 . 2011-05-04 19:57 -------- d-----r- C:\MSOCache
2011-05-04 15:47 . 2011-05-08 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2011-05-04 15:47 . 2011-05-04 15:47 -------- d-----w- c:\program files\DVD Shrink
2011-05-03 19:04 . 2009-08-26 08:16 247326 ----a-w- c:\windows\system32\strmdll.dll
2011-05-03 19:04 . 2004-08-09 21:00 92672 ----a-w- c:\windows\system32\drmstor.dll
2011-05-03 19:04 . 2004-08-09 21:00 343040 ----a-w- c:\windows\system32\msvcrt.dll
2011-05-03 19:04 . 2009-09-01 14:32 282654 ----a-w- c:\windows\system32\msaud32.acm
2011-05-03 19:04 . 2004-08-09 21:00 246272 ----a-w- c:\windows\system32\drmclien.dll
2011-05-03 19:04 . 2011-05-03 20:15 -------- d-----w- c:\program files\Winamp
2011-05-03 03:48 . 2011-05-03 03:48 -------- d-----w- C:\NVIDIA
2011-05-02 23:16 . 2011-05-02 23:16 -------- d-----w- c:\program files\CCleaner
2011-05-02 23:08 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 23:08 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-02 23:08 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-02 23:08 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-02 23:08 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-02 23:08 . 2011-04-18 17:16 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-02 23:08 . 2011-04-18 17:16 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-02 23:08 . 2011-04-18 17:13 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-02 23:08 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-02 23:08 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-02 23:07 . 2011-05-02 23:07 -------- d-----w- c:\program files\AVAST Software
2011-05-02 23:07 . 2011-05-02 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-02 22:43 . 2011-05-02 22:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SystemRequirementsLab
2011-05-02 22:38 . 2011-05-02 22:38 -------- d-----w- c:\program files\Lavalys
2011-05-02 22:03 . 2011-05-02 22:03 1409 ----a-w- c:\windows\QTFont.for
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2011-05-01 22:38 . 2011-05-01 22:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-01 22:32 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-01 20:04 . 2011-05-01 20:04 -------- d-s---w- c:\documents and settings\LocalService\UserData
2011-05-01 12:07 . 2011-05-01 12:07 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-04-30 03:20 . 2011-05-02 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\bL28611NkCeF28611
2011-04-27 14:15 . 2011-04-27 14:15 122880 --sha-r- c:\windows\system32\pxhpinsts.dll
2011-04-27 14:15 . 2011-04-27 14:15 122880 --sha-r- c:\program files\Common Files\pxhpinsts.dll
2011-04-18 18:46 . 2011-04-18 18:46 -------- d-----w- C:\spoolerlogs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-08 05:14 . 2006-08-19 22:20 14856192 ----a-w- c:\windows\system32\nvoglnt.dll
2011-04-08 05:14 . 2006-08-19 22:19 4111232 ----a-w- c:\windows\system32\nv4_disp.dll
2011-04-08 05:14 . 2006-08-19 22:19 2027008 ----a-w- c:\windows\system32\nvapi.dll
2011-04-08 05:14 . 2006-08-19 22:19 12501600 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-04-08 02:15 . 2011-04-08 02:15 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-04-08 02:15 . 2011-04-08 02:15 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-08 02:15 . 2011-04-08 02:15 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-04-08 02:15 . 2011-04-08 02:15 13891176 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 02:15 . 2011-04-08 02:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 02:15 . 2011-04-08 02:15 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2011-04-08 02:15 . 2011-04-08 02:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-04-14 16:26 . 2011-05-06 00:48 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\dllcache\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 95360
Created time: 2004-08-09 21:00
Modified time: 2004-08-04 05:59
MD5: CDFE4411A69C224BD1D11B2DA92DAC51
SHA1: A42FBFEB5A4D94118B483D7F18113AA8C329A052
.
.
--- c:\windows\system32\DRIVERS\atapi.sys ---
Company: Microsoft Corporation
File Description: IDE/ATAPI Port Driver
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: atapi.sys
File size: 95360
Created time: 2004-08-09 21:00
Modified time: 2004-08-04 05:59
MD5: CDFE4411A69C224BD1D11B2DA92DAC51
SHA1: A42FBFEB5A4D94118B483D7F18113AA8C329A052
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-16_14.57.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-16 16:12 . 2011-05-16 16:12 16384 c:\windows\Temp\Perflib_Perfdata_36c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-10-05 12:53 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-09 21:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2006-04-13 09:05 90112 ----a-w- c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-13 20:05 16239616 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-30 16:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McrdSvc"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008000.029\SymEFA.sys [1/27/2010 8:31 PM 310320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 7:08 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2011 7:08 PM 307288]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008000.029\BHDrvx86.sys [1/27/2010 8:31 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008000.029\cchpx86.sys [1/27/2010 8:31 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSXpx86.sys [4/12/2010 2:48 PM 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2011 7:08 PM 19544]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [1/27/2010 8:31 PM 117640]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [3/24/2011 6:43 PM 583640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 6:58 PM 102448]
S0 cwtmdje;cwtmdje;c:\windows\system32\drivers\dtuf.sys --> c:\windows\system32\drivers\dtuf.sys [?]
S0 e43d3b368fd0db9619c4565b4394249f;e43d3b368fd0db9619c4565b4394249f;c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys --> c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [7/7/2007 11:09 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [7/7/2007 11:09 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [7/7/2007 11:14 AM 60816]
S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\LogMeIn\x86\LMIGuardianSvc.exe" --> c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
itlsvc REG_MULTI_SZ itlperf
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: &Winamp Toolbar Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-16 12:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\arservice.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ARPWRMSG.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\program files\NORTON ANTIVIRUS\ENGINE\16.8.0.41\cltLMH.exe
.
**************************************************************************
.
Completion time: 2011-05-16 12:17:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-16 16:17
ComboFix2.txt 2011-05-16 15:00
ComboFix3.txt 2011-05-07 15:48
ComboFix4.txt 2011-05-06 17:52
.
Pre-Run: 59,773,779,968 bytes free
Post-Run: 59,745,361,920 bytes free
.
- - End Of File - - 70209B2DD51D6CE168FDB6B3F7B65EDE
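
Worked example, added by the editor and not part of ComboFix, OTL or the advice given in this thread. The ComboFix log above lists services as `<R|S><start> <name>;<display>;<image> [<date> <size>]` and prints a missing image as `<image> --> <image> [?]`; the OTL logs rct11 posts later in the thread use `SRV -`/`DRV -` lines that carry the company name from the file's version information. The Python below parses both formats and applies a few of the editor's own triage heuristics: an entry whose image file is gone (noted separately when it is boot-start), a service name that is nothing but a long hex string, an OTL driver with an empty company name, and the `"EnableFirewall"= 0` policy line. The sample input is lines copied from the logs in this thread; the flags are hints to verify by hand, not verdicts.

```python
"""Triage helper for ComboFix and OTL service/driver lines.

Editor's example for this thread, not part of ComboFix, OTL or the
thread's procedure. The red flags are the editor's own heuristics.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# ComboFix: "<R|S><start> <name>;<display>;<image> [<date> <size>]"
# A missing image is printed as "<image> --> <image> [?]".
CF_LINE = re.compile(r'^([RS])([0-4])\s+([^;]+);[^;]*;(.*)$')
# OTL: "SRV - [meta] (Company) [Type | Start | State] -- <image> -- (<name>)"
OTL_LINE = re.compile(r'^(SRV|DRV) - (.*?) -- (.*?) -- \(([^()]+)\)(?:\s.*)?$')
# OTL prints an unresolved service as "File not found [Start | State] -- -- (<name>)"
OTL_MISSING = re.compile(r'^(SRV|DRV) - File not found \[([^\]]*)\] -- -- \(([^()]+)\)')
OTL_COMPANY = re.compile(r'\]\s*\(([^)]*)\)')
# Firewall policy value as ComboFix prints it under standardprofile
FW_LINE = re.compile(r'^"EnableFirewall"\s*=\s*(\d+)')
HEX_NAME = re.compile(r'^[0-9a-f]{16,}$', re.I)


@dataclass
class Entry:
    source: str             # "combofix" or "otl"
    name: str
    image: str
    missing: bool           # image file not present on disk
    boot_start: bool        # start type 0 (ComboFix) or "Boot" (OTL)
    company: Optional[str]  # None when the format does not carry it
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one ComboFix or OTL service/driver line; None if it is neither."""
    text = line.strip()
    m = CF_LINE.match(text)
    if m:
        _, start, name, rest = m.groups()
        missing = rest.rstrip().endswith('[?]')
        image = rest.split(' --> ')[0] if missing else rest.rsplit(' [', 1)[0]
        return Entry('combofix', name, image.strip().strip('"'), missing,
                     start == '0', None)
    m = OTL_MISSING.match(text)
    if m:
        _, state, name = m.groups()
        return Entry('otl', name, '', True, 'Boot' in state, None)
    m = OTL_LINE.match(text)
    if m:
        _, meta, image, name = m.groups()
        comp = OTL_COMPANY.search(meta)
        company = comp.group(1) if comp else None
        return Entry('otl', name, image.strip(), False, '| Boot |' in meta, company)
    return None


def assess(entry: Entry) -> Entry:
    """Editor's heuristics; each appended reason is a hint, not a verdict."""
    if entry.missing:
        entry.reasons.append('image file missing')
        if entry.boot_start:
            entry.reasons.append('boot-start entry with no image file')
    if HEX_NAME.match(entry.name):
        entry.reasons.append('hex-like service name')
    if entry.company == '':
        entry.reasons.append('no company name in version info')
    return entry


def triage(lines: List[str]) -> Dict[str, object]:
    """Run the heuristics over raw log lines.

    Returns the flagged entries and the firewall state if the log carried it.
    """
    flagged: List[Entry] = []
    firewall: Optional[bool] = None
    for line in lines:
        fw = FW_LINE.match(line.strip())
        if fw:
            firewall = fw.group(1) != '0'
            continue
        entry = parse_entry(line)
        if entry is not None and assess(entry).reasons:
            flagged.append(entry)
    return {'flagged': flagged, 'firewall_enabled': firewall}


# Sample input: lines copied from the ComboFix and OTL logs in this thread.
SAMPLE = [
    r'R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/2/2011 7:08 PM 441176]',
    r'S0 cwtmdje;cwtmdje;c:\windows\system32\drivers\dtuf.sys --> c:\windows\system32\drivers\dtuf.sys [?]',
    r'S0 e43d3b368fd0db9619c4565b4394249f;e43d3b368fd0db9619c4565b4394249f;c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys --> c:\windows\system32\e43d3b368fd0db9619c4565b4394249f.sys [?]',
    r'S4 LMIGuardianSvc;LMIGuardianSvc;"c:\program files\LogMeIn\x86\LMIGuardianSvc.exe" --> c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [?]',
    r'"EnableFirewall"= 0 (0x0)',
    r'SRV - File not found [Disabled | Stopped] -- -- (LMIGuardianSvc)',
    r'DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)',
    r'DRV - [2005/08/18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)',
]

if __name__ == '__main__':
    report = triage(SAMPLE)
    print('firewall enabled:', report['firewall_enabled'])
    for e in report['flagged']:
        print(f"[{e.source}] {e.name}: {'; '.join(e.reasons)} ({e.image or 'no image'})")
```

Feed it a whole ComboFix or OTL log (`triage(open(path).read().splitlines())`) and the healthy antivirus drivers drop out while the two nameless S0 entries with no file on disk, the stale LogMeIn service and the disabled firewall policy remain for manual follow-up. The empty-company check is deliberately weak: old legitimate drivers such as the EVEREST one also trip it, which is why it is a hint and not an alert.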

#14 SweetTech
  • Agent ST
  • Members
  • 13,421 posts

Posted 16 May 2011 - 03:19 PM

Hi!

I'm not sure what is going on with that Atapi.sys error message, but based on the latest scans you've run for me, I'm not entirely convinced that it's malware-related.

Let's update a few programs and see where we stand after this.

Update Firefox
You're currently using an outdated version of Firefox. The latest version of Firefox is 3.6.17.

You can get the latest version of Firefox by opening the Help menu in Firefox and then selecting Check for Updates.

Please make sure that you check for updates again after updating to the latest version, to make sure that you have in fact received the latest version.



NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Reboot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform.
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Files
    ipconfig /flushdns /c
    :Commands
    [CreateRestorePoint]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Update Windows XP
Service Pack 3 (SP3)
It would be in your best interest to install this service pack. This update includes all previously released updates for your system.
Microsoft advises that SP1 or SP1a needs to be installed before installing this update.
Attention: The SP3 download is very large! Based on your Internet connection... be prepared, it could take hours to download!!
Alternately, you could see if a friend or family member has the SP3 update on CD or order it from MS for a fee ... based on your location.

This will be a 2 step process...
The 1st step in this process is to apply Service Pack 3 (SP3) for Windows XP. This update, includes security fixes, to protect your computer.
The 2nd step is to apply all the critical updates and patches since SP3 was released.
Note: If at any time during these steps you experience problems with your computer, do not continue with the steps; post a description of the problem instead.
  • First
  • Obtain Windows XP Service Pack 3 from the Microsoft Download Center
  • Click the Download ...button. Choose "Save" at the prompt...and save the file to your desktop.
  • Double click the "WindowsXP-KB936929-SP3-x86-ENU.exe" file on your desktop to install the update.
    When the installation has completed successfully...
  • ! IMPORTANT ! reboot your computer (normally) before proceeding to the next step.
Second
  • Now...Go to: Windows Update and install the Critical Updates.
  • Press the "Express"...button to have all "critical" updates shown.
  • Make sure all critical updates and patches are checked for download and installation.
  • Press the Install Updates ... button to begin downloading and installing the updates
    After successfully installing the critical updates and patches...
  • ! IMPORTANT ! reboot your computer normally (again) before proceeding.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 rct11
  • Topic Starter
  • Members
  • 10 posts

Posted 16 May 2011 - 09:42 PM

Hello ST!

I performed all the steps you instructed and ran the OTL Quick Scan with the coding. The log is below.

The computer has been running fine and has actually not done the BSOD/atapi.sys thing since I ran ComboFix (about 5-6 restarts and it has not happened).

I guess I do have a question or two, though: What virus protection programs do you recommend for a computer such as this one? And how often should I run a full system scan? Do you have any advice about anything else that should be done in the future for this machine?

Thank you again, ST!



Here is the first OTL:

========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.22.3 log created on 05162011_212118




Here is the second:



OTL logfile created on: 5/16/2011 10:37:45 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289.23 Gb Total Space | 53.93 Gb Free Space | 18.65% Space Free | Partition Type: NTFS
Drive D: | 8.83 Gb Total Space | 0.62 Gb Free Space | 6.97% Space Free | Partition Type: FAT32

Computer Name: LORIEN | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 20:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009/08/22 02:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/19 20:03:07 | 001,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/02/15 18:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 20:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2011/04/18 13:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LMIGuardianSvc)
SRV - File not found [Auto | Stopped] -- -- (avast! Antivirus)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/08/22 02:37:15 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe -- (Norton AntiVirus)
SRV - [2007/09/19 20:03:07 | 001,247,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2006/07/25 19:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 19:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/10/05 08:53:47 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/03 05:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100412.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 05:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100412.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/27 20:31:30 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/10/28 18:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100409.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/08/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/22 02:37:16 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 02:37:16 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 02:37:16 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 02:37:16 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 02:37:16 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 02:37:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 02:37:16 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 02:37:16 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/18 22:09:07 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/18 14:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/18 14:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/04/14 00:15:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/07/23 10:23:46 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/07/23 10:23:46 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/07/23 10:23:44 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006/08/19 18:58:48 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/14 07:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/13 12:47:38 | 000,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/03/03 11:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 11:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 07:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 07:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/09/07 15:49:56 | 000,243,200 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT2500.sys -- (RT2500)
DRV - [2005/08/18 00:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/06/29 13:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 10:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 10:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 03:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/10/16 03:07:00 | 000,060,816 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatserd.sys -- (lgatserd) LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM)
DRV - [2002/10/16 03:05:00 | 000,077,104 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatmdm.sys -- (lgatmdm)
DRV - [2002/10/16 03:03:00 | 000,043,024 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgatbus.sys -- (lgatbus) LG USB Composite Device driver (WDM)
DRV - [2002/07/25 12:33:58 | 000,004,633 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\321Studios\Shared\CDRPDACC.SYS -- (CDRPDACC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]

IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E3 DD C5 01 32 3B AF 4D B3 1D 2A C9 27 A8 89 06 [binary data]
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Start Searcher"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {EB132DB0-A4CA-11DF-9732-0E29E0D72085}:1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220


FF - HKLM\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2010/12/12 13:38:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 20:48:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/16 21:18:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0 \Extensions\\Components: C:\PROGRA~1\NETSCAPE\NETSCA~1\Components
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0 \Extensions\\Plugins: C:\PROGRA~1\NETSCAPE\NETSCA~1\Plugins

[2009/11/24 12:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/05/11 11:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions
[2009/12/30 13:30:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/15 19:47:06 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\extensions\{7fe90de8-58b8-4b70-9b08-d6b4b11fd475}
[2009/08/02 11:48:47 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\0fmrgyu5.default\searchplugins\mywebsearch.xml
[2011/05/16 22:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/16 21:19:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/16 22:35:45 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN
[2010/12/12 13:38:10 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/16 21:18:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2009/11/24 12:27:00 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2009/11/24 12:27:00 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/05/16 12:12:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/19 18:40:56 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1418585306-2245127978-2660055155-1007\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 22:33:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/16 22:06:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/16 21:39:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/16 21:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/16 21:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/16 21:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/16 21:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/05/16 21:30:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/16 21:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/16 21:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/16 21:07:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Foxit Software
[2011/05/16 21:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2011/05/16 21:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/05/16 20:52:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/15 19:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Symantec
[2011/05/12 20:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/12 20:08:07 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2011/05/11 11:47:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/11 11:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\GooredFix Backups
[2011/05/10 20:00:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/05/10 19:59:33 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/05/07 17:56:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/05/06 22:19:38 | 001,395,536 | ---- | C] (Easeware ) -- C:\Documents and Settings\HP_Administrator\Desktop\DriverNavigator_Setup.exe
[2011/05/06 18:31:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\vlc
[2011/05/06 18:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/05/06 18:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/06 13:28:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/06 13:23:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/06 13:23:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/06 13:23:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/06 13:23:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/06 13:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/06 13:23:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/05 20:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/05/05 20:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/05/05 20:46:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/05/05 20:46:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/05/05 20:46:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/05/04 18:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Lorien
[2011/05/04 18:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2011/05/04 18:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundCheck
[2011/05/04 18:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\SoundCheck
[2011/05/04 16:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/04 16:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/04 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/04 16:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2011/05/04 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/05/04 16:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2011/05/04 16:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2011/05/04 16:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\MagicISO
[2011/05/04 16:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
[2011/05/04 16:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/05/04 16:01:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/05/04 16:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/05/04 16:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/05/04 15:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/05/04 15:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/05/04 15:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/04 15:57:22 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011/05/04 15:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\stephen resume
[2011/05/04 11:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2011/05/04 11:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/05/04 11:47:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/03 21:01:23 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\My Documents\procexp.exe
[2011/05/03 15:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011/05/02 23:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/05/02 23:48:56 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/05/02 23:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/02 23:48:08 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/05/02 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/02 19:08:22 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/02 19:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/02 19:08:21 | 000,307,288 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/02 19:08:20 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/02 19:08:19 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/02 19:08:19 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/02 19:08:18 | 000,102,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/02 19:08:18 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/02 19:08:18 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/02 19:08:05 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/02 19:08:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/02 19:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/02 19:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/02 18:43:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SystemRequirementsLab
[2011/05/02 18:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavalys
[2011/05/02 18:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011/05/02 17:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\My Received Files
[2011/05/01 18:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/01 18:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
[2011/05/01 18:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/05/01 18:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/05/01 18:32:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/01 18:29:38 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/01 08:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/04/29 23:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\bL28611NkCeF28611
[2011/04/18 14:46:15 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 22:37:18 | 000,000,433 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/05/16 22:35:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 22:35:27 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/16 22:35:27 | 000,297,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/16 22:34:11 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/05/16 22:33:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 22:10:39 | 000,402,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/16 22:10:39 | 000,063,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/16 21:33:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/16 21:07:43 | 000,000,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/16 21:07:43 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/05/16 20:48:36 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/16 20:48:36 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/16 12:12:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/16 08:58:12 | 000,101,925 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cinnamon Eastside Collection.jpg
[2011/05/15 23:16:38 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\untitled.bmp
[2011/05/15 19:45:48 | 000,110,102 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HP_Administrator.zip
[2011/05/13 20:24:02 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2011/05/12 20:08:06 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2011/05/11 21:16:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/10 20:00:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/05/10 19:58:14 | 001,280,815 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2011/05/09 18:57:08 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2011/05/09 16:45:07 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/06 22:27:48 | 022,320,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AD1986_32bit_V510014151.rar
[2011/05/06 22:21:05 | 001,395,536 | ---- | M] (Easeware ) -- C:\Documents and Settings\HP_Administrator\Desktop\DriverNavigator_Setup.exe
[2011/05/06 13:28:29 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/05/06 13:21:44 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\My Documents.lnk
[2011/05/06 10:52:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/05/05 20:51:17 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/04 19:41:24 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2011/05/04 19:40:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/05/04 18:54:19 | 000,636,620 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Uncle Kevin & Lilliah.jpg
[2011/05/04 16:12:13 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/05/04 16:01:12 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/05/04 12:03:00 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/03 15:04:45 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\WINAMP.LNK
[2011/05/03 14:40:40 | 000,000,279 | ---- | M] () -- C:\Boot.bak
[2011/05/02 23:49:18 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/02 23:49:18 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/02 23:49:12 | 000,259,604 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/02 23:49:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/02 22:41:58 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/02 19:08:19 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/02 18:03:16 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/02 12:40:40 | 003,412,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\HP_Administrator\My Documents\procexp.exe
[2011/05/01 18:29:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\TDSSKiller.exe
[2011/04/27 10:15:36 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\pxhpinsts.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | M] () -- C:\Program Files\Common Files\pxhpinsts.dll
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/04/18 13:16:06 | 000,102,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/04/18 13:16:02 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/04/18 13:13:02 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 21:34:21 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/05/16 21:34:21 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/05/16 21:34:19 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/05/16 21:07:43 | 000,000,912 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2011/05/16 21:07:43 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2011/05/16 20:48:36 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/16 08:58:12 | 000,101,925 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cinnamon Eastside Collection.jpg
[2011/05/15 23:16:37 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\untitled.bmp
[2011/05/15 19:45:48 | 000,110,102 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HP_Administrator.zip
[2011/05/13 20:24:07 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SecurityCheck.exe
[2011/05/11 11:42:11 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/10 19:58:12 | 001,280,815 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\tdsskiller.zip
[2011/05/06 22:27:23 | 022,320,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AD1986_32bit_V510014151.rar
[2011/05/06 13:23:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/06 13:23:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/06 13:23:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/06 13:23:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/06 13:23:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/06 13:21:44 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\My Documents.lnk
[2011/05/06 10:52:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/05 20:51:16 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Internet Explorer.lnk
[2011/05/05 20:48:23 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/04 19:41:24 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2011/05/04 19:40:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/05/04 18:54:19 | 000,636,620 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Uncle Kevin & Lilliah.jpg
[2011/05/04 16:14:35 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2011/05/04 16:12:13 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/05/04 16:11:35 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2011/05/04 16:11:01 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011/05/04 16:11:01 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011/05/04 15:42:03 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Vuze.lnk
[2011/05/03 21:01:23 | 000,072,268 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\procexp.chm
[2011/05/03 15:04:45 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\WINAMP.LNK
[2011/05/03 15:04:36 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011/05/02 23:49:12 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/02 23:49:12 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/02 23:49:12 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/02 23:49:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/05/02 23:48:56 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/05/02 23:48:55 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/02 18:03:16 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/02 18:03:16 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/05/02 14:30:27 | 001,411,492 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\100_8245.JPG
[2011/04/27 10:15:36 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\pxhpinsts.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | C] () -- C:\Program Files\Common Files\pxhpinsts.dll
[2011/04/04 12:25:20 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/24 18:43:35 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2010/10/05 18:08:23 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/05 18:03:22 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/07/09 06:35:44 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/12/21 21:25:26 | 000,157,428 | ---- | C] () -- C:\WINDOWS\hpoins27.dat
[2008/12/21 21:25:26 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl27.dat
[2008/04/03 22:59:47 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/04/03 22:59:39 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SimTower.ini
[2008/01/27 11:23:47 | 000,020,751 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2008/01/27 11:23:47 | 000,016,629 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2008/01/26 22:25:39 | 000,020,751 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/01/26 22:25:39 | 000,016,629 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/02/18 11:24:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/11 17:03:42 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/10/29 18:10:49 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/29 14:59:19 | 000,009,198 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2006/10/29 14:09:49 | 000,002,770 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/29 12:56:39 | 000,595,968 | ---- | C] () -- C:\WINDOWS\System32\WatchPower.exe
[2006/10/29 12:56:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PowerOff.exe
[2006/10/28 20:26:20 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/19 19:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/19 18:49:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/19 18:45:16 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2006/08/19 18:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/19 18:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/19 18:41:13 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/19 18:29:45 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/19 18:29:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/19 18:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/19 18:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/19 18:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/19 18:21:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2006/08/19 18:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/19 18:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/19 18:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/19 17:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/19 17:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/19 17:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 07:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/02 18:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/08/30 17:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/30 17:07:46 | 000,402,736 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/30 17:07:46 | 000,063,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/30 17:05:30 | 000,297,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/30 17:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 16:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/10 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 17:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 17:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 17:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 17:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 17:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 17:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 17:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 03:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/03/09 01:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/13 16:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/08/23 04:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/05/02 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/08/18 23:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/05/02 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bL28611NkCeF28611
[2007/02/13 00:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/12/24 02:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2006/11/11 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2011/05/04 18:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2009/10/16 11:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2011/05/04 18:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/04/11 09:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/05/03 15:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2006/10/17 13:00:56 | 000,054,784 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2006/10/17 13:00:56 | 000,054,784 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2006/10/17 13:00:56 | 000,054,784 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2006/10/17 13:04:40 | 000,622,080 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-27 07:00:55

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D29BF00
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Edited by rct11, 16 May 2011 - 09:44 PM.
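Added example, not part of rct11's post and not code from OTL or any of the tools mentioned in it: a small Python script that parses the per-file lines of an OTL report (the `[date | size | attrs | M/C] (Company) -- path` entries and the `@Alternate Data Stream` lines) and pulls out the entries a helper would want to look at first. The flagging rules are my own heuristics, and so is the `WATCHED_DIRS` list; the sample input is a handful of lines copied from the report above. Anything it lists is a lead to check (hash the file, look up the vendor, inspect the stream), not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple

# OTL per-file line: [date | size | attrs | M or C] (Company) -- path
# Directory lines in the LOP Check omit the (Company) part entirely.
ENTRY_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Directories where a hidden+system file with no vendor string deserves a look.
# Assumption: chosen for this example; OTL has no such setting.
WATCHED_DIRS = (r"c:\windows\system32", r"c:\program files\common files")

# Constructed input: lines excerpted from the OTL report posted above.
SAMPLE_LOG = r"""
[2011/04/27 10:15:36 | 000,122,880 | RHS- | M] () -- C:\WINDOWS\System32\pxhpinsts.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | M] () -- C:\Program Files\Common Files\pxhpinsts.dll
[2011/05/11 11:42:11 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/02 18:03:16 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/04/27 10:15:36 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\pxhpinsts.dll
[2011/04/27 10:15:36 | 000,122,880 | RHS- | C] () -- C:\Program Files\Common Files\pxhpinsts.dll
[2005/08/30 17:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/02 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/02 00:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bL28611NkCeF28611
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D29BF00
"""


@dataclass
class Entry:
    when: str
    size: int
    attrs: str      # four-character R/H/S/D flag string, '-' = not set
    kind: str       # 'M' = modified-list entry, 'C' = created-list entry
    company: str    # vendor string inside the parentheses, '' if none
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse(text: str) -> Tuple[List[Entry], List[Tuple[str, int]]]:
    """Split an OTL report into file/directory entries and ADS records."""
    entries, streams = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["when"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["company"] or "", m["path"]))
            continue
        m = ADS_RE.match(line.strip())
        if m:
            streams.append((m["path"], int(m["size"])))
    return entries, streams


def triage(text: str) -> List[str]:
    """Return de-duplicated findings worth a second look, in report order."""
    entries, streams = parse(text)
    findings = []
    # 1. hidden+system, vendorless, non-directory files inside watched dirs
    for e in entries:
        if (e.hidden_system and not e.is_dir and not e.company
                and e.path.lower().startswith(WATCHED_DIRS)):
            findings.append(f"hidden/system file without vendor: {e.path}")
    # 2. same name, size and timestamp dropped into more than one directory
    groups = defaultdict(set)
    for e in entries:
        if not e.is_dir:
            groups[(e.basename.lower(), e.size, e.when)].add(e.path)
    for (name, size, when), paths in groups.items():
        if len(paths) > 1:
            findings.append(f"{name} ({size} bytes, {when}) present in {len(paths)} locations")
    # 3. random-looking directory names: several digits, mixed case, no spaces
    for e in entries:
        n = e.basename
        if (e.is_dir and sum(c.isdigit() for c in n) >= 4 and " " not in n
                and any(c.islower() for c in n) and any(c.isupper() for c in n)):
            findings.append(f"random-looking directory name: {e.path}")
    # 4. every alternate data stream OTL reported
    for path, size in streams:
        findings.append(f"alternate data stream ({size} bytes): {path}")
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved OTL.txt by passing the file contents to `triage()`; rule 2 is the one that catches the same DLL being written to two directories in the same second, which a line-by-line read of a long report easily misses.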




