Rootkit.tdss


27 replies to this topic

#1 csbeginner

Posted 04 June 2011 - 09:11 PM

Hi,

I posted about my situation in the Am I Infected section of the forum and was advised by Andrew to follow up here. Here is the link to the thread housing my earlier post and his instructions: http://www.bleepingcomputer.com/forums/topic401626.html . The problem first showed up around June 3, 2011, 6:20PM PST.

I have some additional information since my last post if it helps. End Program dialogs have continued to pop up when I shut down Windows. Not sure, however, if these are the same ones that appeared originally. I also cannot tell you whether these are legitimate programs that are no longer working properly or programs that are part of an infection. They are titled HiddenFaxWindow, MCI command handling window, connections tray.

I have followed the steps posted in the preparation guide here: http://www.bleepingcomputer.com/forums/topic34773.html

At what I believed was the end of the GMER rootkit scan (at least a 7 hour scan), there was a Windows - Fatal Application Exit error. The message was Kerio Personal Firewall Driver: ApiInsertEventIntoQueue Unable to allocate memory for event struct. My computer locked up after that so I had to do a hard reboot.

Below is the log file generated by DDS, and attached are the DDS attach.txt output and GMER ark.txt output.

Thank you!!

------

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by HP_Administrator at 23:32:49 on 2011-06-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2983 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Documents and Settings\HP_Administrator\My Documents\Documents\AutoHotkey\AutoHotkey.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\arservice.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Sandboxie\SbieSvc.exe
svchost.exe
C:\Program Files\Kerio\Personal Firewall\PFWADMIN.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = localhost:8080
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Pdisolasi] rundll32.exe "c:\windows\etobodamujumu.dll",Startup
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\hp_administrator\my documents\documents\autohotkey\hotkeys\AutoHotkey.ahk
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
IE: Download All Files by HiDownload - c:\program files\streamingstar\hidownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\streamingstar\hidownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264184604906
DPF: {77114B46-8FBD-11D4-A515-00E02975EB07} - hxxp://www.ongakucho.com/download/Altsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: Interfaces\{B64E7899-EDDE-47BC-A22F-AAD7A6C9A0DC} : DhcpNameServer = 192.168.0.1
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\WBSrv.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.2 darkillusions.servegame.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\7l4zbg3k.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\opera\program\plugins\npdjvu.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: NewTabURL: newtaburl@sogame.cat - %profile%\extensions\newtaburl@sogame.cat
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: RDown - Rapidshare Downloader: dave2x@download - %profile%\extensions\dave2x@download
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Scroll Search Engines: scrollsearchengines@einaregilsson.com - %profile%\extensions\scrollsearchengines@einaregilsson.com
FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com
FF - Ext: Perapera-kun: Popup Japanese, Chinese, and Korean Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Elementary: {05e38d80-09c1-11dd-bd0b-0800200c9a66} - %profile%\extensions\{05e38d80-09c1-11dd-bd0b-0800200c9a66}
FF - Ext: Qute 3++ (custom mod): {aa26583b-4c35-4729-913e-156956078824} - %profile%\extensions\{aa26583b-4c35-4729-913e-156956078824}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF - Ext: Tab Wheel Scroll: tabscroll@mthamil - %profile%\extensions\tabscroll@mthamil
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
FF - Ext: XULRunner: {1932308B-EB49-4EF3-AE02-EF0AC947E87D} - c:\documents and settings\hp_administrator\local settings\application data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-28 11608]
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2009-10-20 102912]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-28 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-28 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-28 61960]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2008-6-30 96256]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [2008-12-18 23480]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 zlportio;zlportio;\??\c:\ultrastardx\zlportio.sys --> c:\ultrastardx\zlportio.sys [?]
S4 Aisidnaras;Aisidnaras; [x]
S4 Anp.nlf88;Anp.nlf88; [x]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2011-06-04 03:30:52 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}
2011-06-04 03:00:44 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-04 01:02:40 0 ----a-w- c:\windows\Ckulagovagi.bin
2011-06-04 01:01:27 -------- d-----w- c:\program files\PageRage
2011-06-04 01:01:25 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-05-30 22:04:51 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-05-26 04:03:56 -------- d-----w- C:\Ascend
2011-05-25 04:16:41 -------- d-----w- c:\program files\The Ur-Quan Masters
2011-05-25 04:14:59 -------- d-----w- c:\documents and settings\hp_administrator\application data\uqm
2011-05-23 01:34:30 -------- d-----w- c:\documents and settings\hp_administrator\application data\CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1
2011-05-23 01:34:30 -------- d-----w- c:\documents and settings\hp_administrator\application data\CreeperWorld
2011-05-23 01:33:58 -------- d-----w- c:\program files\Creeper World
2011-05-09 02:59:11 -------- d-----w- c:\documents and settings\hp_administrator\application data\LolClient
2011-05-09 02:40:57 -------- d-----w- C:\Riot Games
2011-05-09 00:33:11 -------- d-----w- c:\program files\alaplaya
2011-05-09 00:32:57 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iscript.dll
2011-05-09 00:32:57 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iuser.dll
2011-05-09 00:32:56 724992 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iKernel.dll
2011-05-09 00:32:56 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\ctor.dll
2011-05-09 00:32:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2011-05-09 00:32:54 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\Setup.dll
2011-05-09 00:32:54 184452 ----a-w- c:\program files\common files\installshield\professional\runtime\09\00\intel32\iGdi.dll
.
==================== Find3M ====================
.
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 17:57:11 4900 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2005-05-14 00:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 18:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 04:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 02:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 19:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 17:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 20:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
============= FINISH: 23:34:37.59 ===============
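Reading the DDS log above the way a helper would, the entries to pull out first are the mRun entry that loads c:\windows\etobodamujumu.dll through rundll32 (a random-named DLL dropped in the Windows root), the two S4 services Aisidnaras and Anp.nlf88 whose binaries are missing ([x]), the hosts-file line pointing www.spywareinfo.com at 127.0.0.1, the user-level proxy setting, and the zero-byte c:\windows\Ckulagovagi.bin created within the hour the problem started. The script below is an added example, not part of the original thread and not code from the DDS tool; it encodes those checks as heuristics over an excerpt of the posted log. The severity scale, the "Windows root" rule and the regexes for the DDS line formats are the editor's assumptions, and every hit still needs a human to confirm it: the --sha-r- files dated 2005 under Find3M (avisynth.dll, x.264.exe, cygwin1.dll and friends) look like a video converter install rather than this infection, and the 192.168.0.2 hosts entry may well be the owner's own LAN game server.

```python
"""Heuristic triage of a DDS log (added example; not DDS's own code or code from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines excerpted verbatim from the DDS log in the first post, cut down
# to the entries the checks below care about so the script runs offline.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uInternet Settings,ProxyServer = localhost:8080
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Pdisolasi] rundll32.exe "c:\windows\etobodamujumu.dll",Startup
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.2 darkillusions.servegame.com
============= SERVICES / DRIVERS ===============
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2009-10-20 102912]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S4 Aisidnaras;Aisidnaras; [x]
S4 Anp.nlf88;Anp.nlf88; [x]
=============== Created Last 30 ================
2011-06-04 01:02:40 0 ----a-w- c:\windows\Ckulagovagi.bin
2011-06-04 01:01:27 -------- d-----w- c:\program files\PageRage
==================== Find3M ====================
2005-05-14 00:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-08 02:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
"""

@dataclass
class Finding:
    severity: str  # HIGH, MEDIUM or LOW: an assumed scale, not a DDS convention
    section: str   # DDS section header the line came from
    line: str
    reason: str

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DLL_RE = re.compile(r'"?(?P<dll>[a-z]:\\[^",]+?\.dll)', re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
# "<state> <name>;<display>;<path> [<mark>]": mark is "date size", "x" (file missing) or "?" (unverified)
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<disp>[^;]*);(?P<path>.*?)\s*\[(?P<mark>[^\]]*)\]$")
# "<date> <time> <size|--------> <attrs> <path>" as printed under Created Last 30 and Find3M
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:\d+|-+) (?P<attr>\S+) (?P<path>.+)$")
WINDOWS_ROOT = r"c:\windows"
EXEC_EXT = {"exe", "dll", "sys", "bin", "scr"}

def _parent(path: str) -> str:
    return path.lower().rsplit("\\", 1)[0]

def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return every line that deserves analyst attention."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # DDS prints "." as a spacer
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := RUN_RE.match(line):
            cmd = m.group("cmd")
            d = DLL_RE.search(cmd) if "rundll32" in cmd.lower() else None
            # Legitimate software almost never autoruns a DLL sitting directly in %windir%;
            # a random-looking name there is a classic dropper pattern.
            if d and _parent(d.group("dll")) == WINDOWS_ROOT:
                findings.append(Finding("HIGH", section, line, "rundll32 autorun loads a DLL from the Windows root"))
        elif m := PROXY_RE.match(line):
            findings.append(Finding("MEDIUM", section, line, f"user-level proxy {m.group('proxy')}; confirm it is intentional"))
        elif m := HOSTS_RE.match(line):
            ip, host = m.group("ip"), m.group("host")
            if ip.startswith("127.") or ip == "0.0.0.0":
                reason = f"hosts file blocks {host} (malware commonly blocks security sites)"
            else:
                reason = f"hosts file redirects {host} to {ip}; confirm this is a deliberate LAN mapping"
            findings.append(Finding("MEDIUM", section, line, reason))
        elif m := SERVICE_RE.match(line):
            if m.group("mark") == "x":
                findings.append(Finding("HIGH", section, line, f"service '{m.group('svc')}' is registered but its binary is missing"))
            elif m.group("mark") == "?":
                findings.append(Finding("LOW", section, line, "driver registered by \\??\\ path that DDS could not verify"))
        elif m := FILE_RE.match(line):
            attr, path = m.group("attr"), m.group("path")
            if attr.startswith("d"):       # directories are noisy; skip them
                continue
            if _parent(path) == WINDOWS_ROOT and path.lower().rsplit(".", 1)[-1] in EXEC_EXT:
                findings.append(Finding("MEDIUM", section, line, "file dropped directly in the Windows root"))
            if len(attr) > 3 and attr[2] == "s" and attr[3] == "h":
                findings.append(Finding("MEDIUM", section, line, "hidden+system attributes; confirm which application owns it"))
    return findings

def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))

if __name__ == "__main__":
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    for f in sorted(triage(SAMPLE_DDS), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.section}: {f.line}\n          -> {f.reason}")
```

Run against the excerpt it reports three HIGH lines (the Pdisolasi autorun and the two orphaned S4 services), which is exactly the set a helper would target first; the hidden+system rule fires on meta4.exe and avisynth.dll as well, which is why it is rated MEDIUM and phrased as "confirm the owner" rather than as a verdict. To use it on a full log, read the pasted DDS.txt into a string and pass it to triage().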


#2 SweetTech


Posted 11 June 2011 - 10:59 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 csbeginner


Posted 11 June 2011 - 02:09 PM

Hi SweetTech,

First, thank you! I really appreciate you taking your time to help me.

Since my last post, I have only accessed the machine a few times to grab some document files, but I've noticed two additional symptoms, both concerning Avira Antivirus. (1) It takes longer than usual for AntiVir Desktop to activate (the umbrella to open), and (2) Avira crashes upon shutting down Windows. Also, while browsing my C:\program files\ folder, I've found an unfamiliar folder titled PageRage with a date modified from the time the machine started to act up. Besides these, everything appears to be running okay... I haven't really used the machine very much at all for fear that any problems are exacerbated.

I have also manually disconnected my Internet connection to the machine by unplugging the Ethernet cable. Please let me know if this should be undone.

Again, many thanks!

Below are the results from the scans you requested.



RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF5F7D000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 9891840 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 266.58 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6397952 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 266.58 )
0xF3833000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4403200 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF7196000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF2DEC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5DE7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF2EF7000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB72FB000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB758A000 C:\WINDOWS\system32\DRIVERS\atksgt.sys 274432 bytes
0xF726C000 ftsata2.sys 274432 bytes (Promise Technology, Inc., Promise Driver for Windows Server 2003)
0xB74A9000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5E45000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB78C5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7169000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB52F0000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF2E5C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF2ECF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF5EFA000 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys 159744 bytes (Hauppauge Computer Works, Inc., WinTV PVR PCI II (v2) WDM Video Capture)
0xF2D9E000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF7302000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF5EB1000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF2EA9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5F44000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF2D7A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF72C7000 fasttx2k.sys 143360 bytes (Promise Technology, Inc., Promise FastTrak Series Driver for WindowsXP)
0xF5ED7000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF5F21000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF2E87000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF3811000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF724C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF2F63000 C:\WINDOWS\system32\Drivers\fwdrv.sys 122880 bytes
0xB7375000 C:\Program Files\Sandboxie\SbieDrv.sys 114688 bytes (tzuk, Sandboxie Kernel Mode Driver)
0xF714F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF72EA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF2D62000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF72AF000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7223000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5E86000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB7C4F000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB7D7D000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB7A5A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5E9D000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF5F69000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF2F50000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF723A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7347000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5E75000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB77FD000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7667000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7537000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB7E2A000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF74F7000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF6CF3000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF76F7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7677000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB7BCF000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6D53000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7507000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB7A8F000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF74C7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7687000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF6D13000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7697000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB74FA000 C:\WINDOWS\system32\DRIVERS\secdrv.sys 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xF76C7000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74D7000 bb-run.sys 36864 bytes (Promise Technology, Inc., Promise Disk Accelerator)
0xB7153000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6CE3000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7647000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7487000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76B7000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6D33000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF74E7000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF6D03000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77FF000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7837000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7797000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77E7000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7847000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7787000 C:\WINDOWS\system32\DRIVERS\aracpi.sys 24576 bytes (Microsoft Corporation, Microsoft AR ACPI Driver (Beta 2 Release 2))
0xF77BF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77C7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7807000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF77EF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF780F000 C:\WINDOWS\system32\DRIVERS\arhidfltr.sys 20480 bytes (Microsoft Corporation, Microsoft AR HID Filter Driver (Beta 2 Release 2))
0xF77B7000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\lirsgt.sys 20480 bytes
0xF77F7000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77A7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF779F000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF778F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF785F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF3805000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7937000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF68F4000 C:\WINDOWS\system32\DRIVERS\arpolicy.sys 12288 bytes (Microsoft Corporation, Microsoft AR Policy Driver (Beta 2 Release 2))
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF2FBD000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF68F0000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)
0xF5D7A000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF5D66000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF68EC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6910000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A21000 C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2))
0xF7A17000 C:\WINDOWS\system32\DRIVERS\armoucfltr.sys 8192 bytes (Microsoft Corporation, Microsoft AR PS/2 Mouse Filter Driver (Beta 2 Release 2))
0xF7A1F000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7A05000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF798F000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7A31000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A03000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF798D000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A07000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A09000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7991000 speedfan.sys 8192 bytes
0xF79FD000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A01000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A95000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7BC0000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A50000 giveio.sys 4096 bytes
0xF7B51000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

OTL logfile created on: 6/11/2011 11:13:59 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.05 Gb Available Physical Memory | 87.13% Memory free
4.84 Gb Paging File | 4.49 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 290.07 Gb Total Space | 35.90 Gb Free Space | 12.38% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.86 Gb Free Space | 10.70% Space Free | Partition Type: FAT32
Drive O: | 953.00 Mb Total Space | 952.28 Mb Free Space | 99.92% Space Free | Partition Type: FAT

Computer Name: ELVIS | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 11:13:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2011/06/03 18:05:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/24 19:49:22 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/08/05 20:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/06/30 14:19:00 | 000,049,664 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/09 11:12:24 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Documents\AutoHotkey\AutoHotkey.exe
PRC - [2007/04/24 19:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/04/30 16:43:32 | 000,389,120 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall\PERSFW.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 11:13:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/26 16:14:22 | 000,042,672 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll
MOD - [2008/04/13 17:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 17:12:08 | 000,379,392 | ---- | M] () -- C:\WINDOWS\etobodamujumu.dll
MOD - [2007/04/24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files\Stardock\ObjectDock\DockShellHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- -- (npkcmsvc)
SRV - File not found [Disabled | Stopped] -- -- (Anp.nlf88)
SRV - File not found [Disabled | Stopped] -- -- (Aisidnaras)
SRV - [2011/06/03 18:05:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/04/24 19:49:22 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/06/30 14:19:00 | 000,049,664 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2003/04/30 16:43:32 | 000,389,120 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)


========== Driver Services (SafeList) ==========

DRV - [2011/04/24 19:49:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 09:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/10/02 16:47:09 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/18 22:44:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/18 22:44:23 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/12/10 12:30:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.21\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008/08/25 23:46:04 | 000,023,480 | ---- | M] (Wippien Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wip0204.sys -- (wip0204)
DRV - [2008/06/30 15:06:30 | 000,096,256 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2006/09/24 06:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/11 09:43:48 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/03/08 15:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/07/28 11:07:58 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2005/07/03 17:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/30 06:16:26 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/04/14 14:12:12 | 000,175,616 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2004/08/10 12:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/09 22:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/09 22:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/02 19:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/05 08:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002/04/15 12:28:32 | 000,102,912 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\FWDRV.SYS -- (fwdrv)
DRV - [2001/08/17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2000/07/17 16:20:12 | 000,008,896 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\haspnt.sys -- (Haspnt)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Dictionary.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: peraperakun-chinese@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.6
FF - prefs.js..extensions.enabledItems: {251b3fd3-49c9-42c8-a8b3-3b4a1bc84c4f}:1.0.2
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: newtaburl@sogame.cat:2.1.0
FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5
FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: scrollsearchengines@einaregilsson.com:1.0.1
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: tabscroll@mthamil:20100121
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {1932308B-EB49-4EF3-AE02-EF0AC947E87D}:1.9.1
FF - prefs.js..extensions.enabledItems: {05e38d80-09c1-11dd-bd0b-0800200c9a66}:2.3.3
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.74
FF - prefs.js..extensions.enabledItems: {aa26583b-4c35-4729-913e-156956078824}:1.4.11.20100129
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D} [2011/06/03 20:30:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 19:12:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 14:46:16 | 000,000,000 | ---D | M]

[2010/02/09 21:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/06/03 18:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions
[2010/02/09 23:45:07 | 000,000,000 | ---D | M] (Elementary) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{05e38d80-09c1-11dd-bd0b-0800200c9a66}
[2010/02/09 23:24:46 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/02/09 21:26:43 | 000,000,000 | ---D | M] (GoToSelected) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{251b3fd3-49c9-42c8-a8b3-3b4a1bc84c4f}
[2010/02/09 21:26:41 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/09 23:29:05 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/02/09 23:46:55 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/02/09 23:46:09 | 000,000,000 | ---D | M] (Qute 3++ (custom mod)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{aa26583b-4c35-4729-913e-156956078824}
[2010/02/09 21:26:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/09 21:26:46 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/02/15 21:51:54 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/02/09 23:30:29 | 000,000,000 | ---D | M] (Perapera-kun: Popup Japanese, Chinese, and Korean Translator) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\chineseperakun@gmail.com
[2010/02/09 21:26:41 | 000,000,000 | ---D | M] (RDown - Rapidshare Downloader) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\dave2x@download
[2010/02/09 21:26:43 | 000,000,000 | ---D | M] (FireGestures) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\firegestures@xuldev.org
[2010/02/09 21:36:15 | 000,000,000 | ---D | M] (Last Tab Close Button) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\last-tab-close-button@victor.sacharin
[2010/02/09 21:26:42 | 000,000,000 | ---D | M] (NewTabURL) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\newtaburl@sogame.cat
[2010/02/09 23:29:04 | 000,000,000 | ---D | M] (Paste and Go 3) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\omiazad@msn.com
[2010/02/09 23:32:04 | 000,000,000 | ---D | M] (Chinese-English Dictionary for Perapera-kun) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\peraperakun-chinese@gmail.com
[2011/06/03 18:01:35 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\plugin@yontoo.com
[2010/02/09 23:29:05 | 000,000,000 | ---D | M] ("Scroll Search Engines") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\scrollsearchengines@einaregilsson.com
[2010/04/04 11:10:31 | 000,000,000 | ---D | M] (Tab Wheel Scroll) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\tabscroll@mthamil
[2010/02/10 11:04:16 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\searchplugins\anidb.xml
[2010/02/10 11:05:44 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\searchplugins\dictionarycom.xml
[2010/02/10 11:06:03 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\searchplugins\thesauruscom.xml
[2011/03/14 18:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/03 20:30:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2010/04/01 19:12:35 | 000,379,406 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 13073 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Pdisolasi] C:\WINDOWS\etobodamujumu.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Shortcut to AutoHotkey.lnk = C:\Documents and Settings\HP_Administrator\My Documents\Documents\AutoHotkey\hotkeys\AutoHotkey.ahk ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 355
O7 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGetAll.htm ()
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\StreamingStar\HiDownload\HDGet.htm ()
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264184604906 (WUWebControl Class)
O16 - DPF: {77114B46-8FBD-11D4-A515-00E02975EB07} http://www.ongakucho.com/download/Altsax.cab (Altsax Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\HP_Administratorwall2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\All Users\Documents\Stardock\WindowBlinds\HP_Administratorwall2.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/19 10:28:54 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/06/04 20:36:44 | 000,000,000 | RHSD | M] - O:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{4d961718-350a-11df-8f89-0013d4e288e9}\Shell\AutoRun\command - "" = O:\PMBP_Win.exe
O33 - MountPoints2\{a5777bda-d8ca-11df-907e-0013d4e288e9}\Shell\AutoRun\command - "" = N:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 11:09:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/06/10 16:22:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator\Recent
[2011/06/03 23:32:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Administrative Tools
[2011/06/03 23:22:41 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2011/06/03 21:10:52 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\1234.com
[2011/06/03 20:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}
[2011/06/03 20:00:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/03 18:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/03 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/03 18:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/05/30 15:04:51 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011/05/30 15:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Hamachi
[2011/05/25 21:03:56 | 000,000,000 | ---D | C] -- C:\Ascend
[2011/05/24 21:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\The Ur-Quan Masters
[2011/05/24 21:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\The Ur-Quan Masters
[2011/05/24 21:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\uqm
[2011/05/22 18:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1
[2011/05/22 18:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\CreeperWorld
[2011/05/22 18:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KnuckleCracker
[2011/05/22 18:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\Creeper World
[2011/05/22 18:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/11/22 20:16:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.sys
[1996/11/18 23:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 11:13:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2011/06/11 11:13:12 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RKUnhookerLE.EXE
[2011/06/11 11:09:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ckulagovagi.bin
[2011/06/11 10:52:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/09 21:27:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/07 19:43:48 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/04 14:01:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/03 23:26:24 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/06/03 23:23:21 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2011/06/03 23:22:41 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
[2011/06/03 23:22:20 | 000,000,143 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\prepguide.url
[2011/06/03 23:21:21 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2011/06/03 23:00:47 | 000,136,521 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\system strangeness1.JPG
[2011/06/03 21:29:30 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Administrator\Desktop\1234.com
[2011/06/03 20:30:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Lriqevifo.dat
[2011/06/03 17:55:58 | 205,831,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\[UTW]_Ano_Hana_-_08_[XviD][C9A00E6C].avi
[2011/06/02 22:12:15 | 734,003,200 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Left 4 Dead 2.part01.rar
[2011/06/01 18:50:27 | 000,082,625 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2011 06 XXXXXXXXXXXXXXXXXXXXXXXXXX.pdf
[2011/05/30 21:06:30 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 15:26:55 | 181,356,076 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Hatsuyuki]_C_The_Money_of_Soul_and_Possibility_Control_-_05_[704x400][CD03C4CC].avi
[2011/05/29 12:32:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/29 00:02:12 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Watch Battlestar Galactica Season 1 Online for Free.URL
[2011/05/28 11:14:41 | 197,054,430 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Steins;Sub]_Steins;Gate_08_[XviD][59B8EB8C].avi
[2011/05/24 21:48:56 | 019,301,095 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\s11.zip
[2011/05/24 21:21:01 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Ur-Quan Masters.lnk
[2011/05/24 20:48:02 | 000,000,068 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Watch My Name Is Earl Season 1 Online for Free.URL
[2011/05/24 19:48:22 | 112,213,316 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Gratuitous.Space.Battles.v1.50.incl.DLC.RIP-Unleashed_upped_by_gaju123.rar
[2011/05/24 19:27:31 | 011,543,975 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Reunion.zip
[2011/05/24 19:21:28 | 007,146,269 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Star Control II.zip
[2011/05/24 19:17:18 | 003,331,781 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpellCraft - Aspects of Valor.zip
[2011/05/22 18:33:58 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Creeper World.lnk
[2011/05/20 17:33:29 | 209,974,574 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Steins;Sub]_Steins;Gate_07_[XviD][F6643A7E].avi
[2011/05/14 12:56:56 | 000,000,078 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Walljump list - My S4 League Forums.URL
[2011/05/13 19:04:55 | 000,000,095 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GameFAQs Pokemon FireRed Version (GBA) Pokedex by strawhat.URL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator\*.tmp files -> C:\Documents and Settings\HP_Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 11:09:56 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\RKUnhookerLE.EXE
[2011/06/03 23:38:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe
[2011/06/03 23:26:14 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2011/06/03 23:23:21 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2011/06/03 23:22:08 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\prepguide.url
[2011/06/03 23:21:21 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2011/06/03 23:00:46 | 000,136,521 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\system strangeness1.JPG
[2011/06/03 18:02:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lriqevifo.dat
[2011/06/03 18:02:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ckulagovagi.bin
[2011/06/03 17:49:12 | 205,831,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[UTW]_Ano_Hana_-_08_[XviD][C9A00E6C].avi
[2011/06/02 21:42:24 | 734,003,200 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Left 4 Dead 2.part01.rar
[2011/06/01 18:50:25 | 000,082,625 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2011 06 XXXXXXXXXXXXXXXXXXXXXXXXX.pdf
[2011/05/30 15:19:34 | 181,356,076 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Hatsuyuki]_C_The_Money_of_Soul_and_Possibility_Control_-_05_[704x400][CD03C4CC].avi
[2011/05/29 00:02:12 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Watch Battlestar Galactica Season 1 Online for Free.URL
[2011/05/28 11:06:43 | 197,054,430 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Steins;Sub]_Steins;Gate_08_[XviD][59B8EB8C].avi
[2011/05/24 21:48:29 | 019,301,095 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\s11.zip
[2011/05/24 21:21:01 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Ur-Quan Masters.lnk
[2011/05/24 20:48:02 | 000,000,068 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Watch My Name Is Earl Season 1 Online for Free.URL
[2011/05/24 19:45:10 | 112,213,316 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Gratuitous.Space.Battles.v1.50.incl.DLC.RIP-Unleashed_upped_by_gaju123.rar
[2011/05/24 19:27:02 | 011,543,975 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Reunion.zip
[2011/05/24 19:21:11 | 007,146,269 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Star Control II.zip
[2011/05/24 19:17:06 | 003,331,781 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SpellCraft - Aspects of Valor.zip
[2011/05/22 18:33:58 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Creeper World.lnk
[2011/05/20 17:24:45 | 209,974,574 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Steins;Sub]_Steins;Gate_07_[XviD][F6643A7E].avi
[2011/05/14 12:56:56 | 000,000,078 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Walljump list - My S4 League Forums.URL
[2011/05/13 19:04:55 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GameFAQs Pokemon FireRed Version (GBA) Pokedex by strawhat.URL
[2011/03/01 20:03:47 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/01 20:03:43 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/01 20:03:43 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/09/05 11:24:30 | 000,036,540 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010/03/25 21:38:21 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdcurses.dll
[2010/03/17 15:18:27 | 000,210,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/05 18:00:34 | 000,002,645 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/12/04 16:12:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/22 20:17:58 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\vso_ts_preview.xml
[2009/11/22 20:16:52 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
[2009/11/22 20:16:52 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.cat
[2009/11/22 20:16:52 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\pcouffin.inf
[2009/10/24 11:16:24 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2009/10/20 19:04:58 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FWDRV.SYS
[2009/10/10 17:48:50 | 000,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/10 17:48:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/10 17:48:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/10 17:48:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/08 17:03:06 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/09/04 10:16:38 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/07/26 15:51:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/06/07 17:19:58 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LastUpdate.xml
[2009/05/18 13:30:29 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2009/04/30 23:02:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/04/22 01:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/01/03 22:59:43 | 000,000,203 | ---- | C] () -- C:\WINDOWS\GSdx9 sse2.INI
[2008/12/23 19:57:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/12/23 19:57:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/23 17:22:24 | 000,141,612 | ---- | C] () -- C:\WINDOWS\System32\drivers\dump_wmimmc.sys
[2008/12/11 22:48:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/04 03:16:00 | 002,059,264 | ---- | C] () -- C:\WINDOWS\setup_rangers_2.exe
[2008/08/23 16:21:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/08/14 11:27:45 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2008/08/14 11:27:45 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2008/08/14 11:27:45 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2008/08/14 11:24:50 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/08/14 11:24:50 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/08/14 11:14:31 | 000,002,072 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2008/06/04 17:01:55 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2008/05/12 13:42:21 | 000,001,890 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/05/12 13:42:21 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\5A6CDACA15.sys
[2008/04/18 19:14:23 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\system1.dat
[2008/04/12 09:10:34 | 000,000,054 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2008/04/12 09:08:16 | 000,004,152 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2008/03/21 18:06:30 | 000,045,568 | R--- | C] () -- C:\WINDOWS\UniFish3.exe
[2008/03/18 21:06:43 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/03/18 21:06:43 | 000,002,551 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/11/04 21:50:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007/10/25 11:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007/10/25 10:46:26 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/10/25 10:46:25 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/28 09:18:33 | 000,000,380 | -H-- | C] () -- C:\WINDOWS\WINRDPD30.SYS
[2007/08/04 16:23:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2007/08/04 16:22:55 | 000,000,227 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/06/17 16:46:16 | 000,000,785 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/05/20 20:55:50 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2552AE3F8A.sys
[2007/05/20 20:55:48 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/06 18:54:54 | 000,002,789 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2007/05/06 18:05:08 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2007/03/09 21:15:46 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/02 20:59:52 | 000,468,084 | ---- | C] () -- C:\WINDOWS\cluninst.exe
[2007/03/02 20:52:59 | 000,000,021 | ---- | C] () -- C:\WINDOWS\etkinst.ini
[2007/02/21 22:00:45 | 000,000,136 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/02/07 17:27:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/07 17:26:57 | 000,004,631 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/04 11:16:10 | 000,074,240 | ---- | C] () -- C:\WINDOWS\ogg.exe
[2006/12/31 14:37:03 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\AutoGK.ini
[2006/12/08 18:10:39 | 000,000,227 | ---- | C] () -- C:\WINDOWS\wldtlk20.ini
[2006/12/08 17:50:56 | 000,000,625 | ---- | C] () -- C:\WINDOWS\tlknw20.ini
[2006/12/01 17:25:06 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2006/12/01 17:25:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hsduinst.exe
[2006/12/01 17:20:16 | 000,008,896 | ---- | C] () -- C:\WINDOWS\System32\haspnt.sys
[2006/12/01 15:21:32 | 000,000,593 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2006/12/01 14:50:16 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\Haspdos.sys
[2006/11/17 22:06:26 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/11/17 21:53:58 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/17 21:53:58 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/11/17 21:53:58 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/11/03 21:29:59 | 000,000,285 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/10/14 11:23:51 | 000,036,734 | ---- | C] () -- C:\WINDOWS\System32\OggDSuninst.exe
[2006/09/08 19:33:40 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/08 19:33:28 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/08 19:32:09 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/09/08 19:31:56 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/09/08 19:31:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/09/08 19:31:31 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/09/08 19:30:29 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/08 19:29:26 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/08/17 18:18:45 | 000,594,450 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006/08/04 19:24:28 | 000,010,747 | ---- | C] () -- C:\WINDOWS\System32\UDBDef.exe
[2006/06/22 16:35:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\emule.INI
[2006/06/12 05:56:24 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/06/11 14:20:48 | 000,000,767 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/06/04 16:57:59 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/06/04 16:57:58 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2006/06/04 16:57:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2006/05/18 13:04:00 | 000,000,149 | ---- | C] () -- C:\WINDOWS\SCXEdit.ini
[2006/05/17 14:07:09 | 000,032,845 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2006/03/28 19:36:55 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/11 11:12:49 | 000,000,422 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2006/01/13 17:48:12 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/13 17:48:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 16:43:17 | 000,018,991 | ---- | C] () -- C:\WINDOWS\System32\Vmscnt3.dll
[2006/01/05 15:08:32 | 000,000,189 | ---- | C] () -- C:\WINDOWS\GSdx9-sse2.INI
[2005/12/31 13:14:15 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/12/30 21:23:40 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WindowsSniper.INI
[2005/12/21 13:38:59 | 000,003,499 | ---- | C] () -- C:\WINDOWS\KM1Pref.ini
[2005/12/11 15:28:00 | 000,003,498 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2005/12/10 18:39:12 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/10 12:21:22 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/10/24 11:13:58 | 000,066,560 | RHS- | C] () -- C:\WINDOWS\MOTA113.exe
[2005/10/19 10:59:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/10/19 10:33:21 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
[2005/10/19 10:32:40 | 000,014,291 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/10/19 10:32:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/10/19 10:25:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/19 10:19:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/10/19 10:19:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/10/19 10:19:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/10/19 10:19:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/10/19 10:19:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/10/19 10:19:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/10/19 09:58:27 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/10/19 09:57:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/10/19 09:54:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2005/10/19 09:38:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/10/19 09:31:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/10/19 09:31:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/10/19 09:30:39 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/13 21:27:00 | 000,422,400 | RHS- | C] () -- C:\WINDOWS\x2.64.exe
[2005/08/30 01:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005/08/30 01:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005/08/30 01:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/14 12:31:20 | 000,027,648 | RHS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2005/07/01 23:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/01 23:34:10 | 000,361,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/01 23:28:10 | 000,478,090 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/01 23:28:10 | 000,086,020 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/06/21 22:37:42 | 000,045,568 | RHS- | C] () -- C:\WINDOWS\System32\cygz.dll
[2005/05/13 17:12:00 | 000,217,073 | RHS- | C] () -- C:\WINDOWS\meta4.exe
[2005/05/09 16:52:32 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/02/28 13:16:22 | 000,240,128 | RHS- | C] () -- C:\WINDOWS\System32\x.264.exe
[2005/01/28 03:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 03:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/03 11:10:44 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\DLXAPI32.DLL
[2004/10/07 22:41:41 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\822f2feb.dll
[2004/08/10 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 22:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/09 22:00:00 | 000,379,392 | ---- | C] () -- C:\WINDOWS\etobodamujumu.dll
[2004/08/09 22:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/09 22:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/09 22:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/09 22:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/09 22:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 22:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/02/21 01:33:24 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\bd40af4b.dat
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/20 18:51:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2002/10/15 15:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/10/06 11:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001/08/23 09:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/04 18:00:00 | 000,005,400 | ---- | C] () -- C:\WINDOWS\System32\gauss.DAT
[1998/05/31 01:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 23:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 23:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 23:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 23:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1996/02/23 14:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 12:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
OTL Extras logfile created on: 6/11/2011 11:13:59 AM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 3.05 Gb Available Physical Memory | 87.13% Memory free
4.84 Gb Paging File | 4.49 Gb Available in Paging File | 92.83% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 290.07 Gb Total Space | 35.90 Gb Free Space | 12.38% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.86 Gb Free Space | 10.70% Space Free | Partition Type: FAT32
Drive O: | 953.00 Mb Total Space | 952.28 Mb Free Space | 99.92% Space Free | Partition Type: FAT

Computer Name: ELVIS | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2327:TCP" = 2327:TCP:*:Enabled:messenger
"4451:TCP" = 4451:TCP:*:Enabled:messenger

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" = C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)
"C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033) -- (SPSS Inc.)
"C:\Program Files\SPSSInc\SPSS16\spss.com" = C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com) -- (SPSS Inc)
"C:\Program Files\SPSSInc\SPSS16\spss.exe" = C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe) -- (SPSS Inc)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe" = C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE" = C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9) -- (CAPCOM CO., LTD.)
"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE" = C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10) -- (CAPCOM CO., LTD.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server
"C:\Program Files\Steam\SteamApps\stupidi0t\half-life\hl.exe" = C:\Program Files\Steam\SteamApps\stupidi0t\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Program Files\Steam\SteamApps\stupidi0t\counter-strike\hl.exe" = C:\Program Files\Steam\SteamApps\stupidi0t\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\Steam\SteamApps\stupidi0t\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\stupidi0t\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{035C9937-D918-43EA-BCAE-EA93CE2C4CC6}" = S4 League_EU
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{059EAEBE-4BC8-403C-9210-B6C1FCB9FAB9}" = Knuckles in China Land
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D458E06-924D-5131-1343-DCD16990C9CA}" = Creeper World
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{51C8741C-4A91-42A6-B6A2-CB891F7398A1}" = Kerio Personal Firewall 2.1.5
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EC86106-2B0A-4595-B03C-15E2241C1AC5}_is1" = Community Expansion Pack version 1.01b
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{624D19C3-D55D-4368-BC10-9B53036D8358}" = HP Driver Diagnostics
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CF01AD-9E35-4BD7-9036-7B8478BEB839}" = HPTunesAddIn
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8318FEFD-F467-44D6-82B8-129374BFE9B1}" = Opera 9.62
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Piano and Keyboard Method
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D48EAA77-E526-41EB-894C-BD6A17EABD95}" = TMPGEnc 3.0 XPress
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FDB61162-F860-4490-97FE-8E33EF6072D2}" = Kurso de Esperanto 3
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.42
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aegisub 1.10" = Aegisub 1.10 (Remove Only)
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Anti-Blaxx_is1" = Anti-Blaxx 1.18
"Any Video Converter_is1" = Any Video Converter 3.1.7
"AOL Instant Messenger" = AOL Instant Messenger
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"Azureus" = Azureus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitComet" = BitComet 0.56
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1" = Creeper World
"Diablo II" = Diablo II
"Dominions3" = Dominions 3 (remove only)
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DVDSpy-G4_is1" = DVDSpy 2.1
"FileZilla Client" = FileZilla Client 3.3.2
"Foxit Reader" = Foxit Reader
"Freelancer 1.0" = Freelancer
"HiDownload_is1" = HiDownload
"HijackThis" = HijackThis 1.99.1
"hp officejet g series 1212965255" = hp officejet g series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iDraw3.32 Chara Maker" = iDraw3.32 Chara Maker
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{AB61A692-5543-4C48-979B-8CEA1C52FE9C}" = PC-Doctor 5 for Windows
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"L4D2 RevEMU v2050+" = L4D2 RevEMU v2050+
"LameACM" = Lame ACM MP3 Codec
"Launchy_21344213_is1" = Launchy 2.1.2
"Left 4 Dead 2_is1" = Left 4 Dead 2 1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic ISO Maker v5.3 (build 0229)" = Magic ISO Maker v5.3 (build 0229)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Maxthon" = Maxthon Browser (remove only)
"MediaInfo" = MediaInfo 0.7.3.1
"meGUI modern media encoder" = meGUI modern media encoder (remove only)
"MFZ0CODEC" = MFZ0 codec (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 1.7.0
"Mnemosyne_is1" = Mnemosyne 1.0.1.1
"Money2005b" = Microsoft Money 2005
"Mount&Blade" = Mount&Blade
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ObjectDock Plus" = ObjectDock Plus
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"Port Royale 2" = Port Royale 2
"PROSet" = Intel® PRO Network Connections Drivers
"PS2" = PS2
"pygame-py2.2" = Python 2.2 pygame-1.5.5
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quick Memory Editor_is1" = Quick Memory Editor 5.2
"R for Windows 2.9.2_is1" = R for Windows 2.9.2
"RealAlt_is1" = Real Alternative 1.9.0
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"RivaTuner" = RivaTuner v2.21
"RPG Maker 2000 1.05" = RPG Maker 2000 1.05
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Ruby-186-25" = Ruby-186-25
"Sandboxie" = Sandboxie 3.28
"Security Task Manager" = セキュリティ タスク マネージャ 1.7e
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SShockDeinstallKey" = System Shock2
"Starcraft" = Starcraft
"StarCraft X-tra Editor (Professional Edition)_is1" = StarCraft X-tra Editor Version 2.5
"Stardock Central" = Stardock Central
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 550" = Left 4 Dead 2
"Stellarium_is1" = Stellarium 0.9.1
"Sub Station Alpha v4.08" = Sub Station Alpha v4.08
"TellmeMoreV50" = TeLL me More CJ
"The Proxomitron - Universal Web Filter_is1" = The Proxomitron Ver. Naoko-4.5
"The Rosetta Stone" = The Rosetta Stone
"The Ur-Quan Masters" = The Ur-Quan Masters 0.6.2
"Ticket To Ride 1.0" = Ticket To Ride 1.0
"Trillian" = Trillian
"UltimateDefrag V1 FREE Public Domain Version" = UltimateDefrag V1 FREE Public Domain Version
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.40-2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264 Revision 558 x264.nl" = x264 Revision 558 x264.nl (remove only)
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"xp-AntiSpy" = xp-AntiSpy 3.96-6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Steam App 10" = Counter-Strike
"Steam App 30" = Day of Defeat

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2011 7:13:33 PM | Computer Name = ELVIS | Source = Application Error | ID = 1000
Description = Faulting application s4client.exe, version 2.8.3.24590, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 5/27/2011 12:14:58 AM | Computer Name = ELVIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/27/2011 9:15:40 PM | Computer Name = ELVIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/28/2011 1:08:29 PM | Computer Name = ELVIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 6/4/2011 12:11:23 AM | Computer Name = ELVIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/4/2011 9:20:45 PM | Computer Name = ELVIS | Source = Media Center Extender Services | ID = 36866
Description = ERROR: Device Service Listener - The listener loop unexpectedly ended.
Error code 0x80072747.

Error - 6/4/2011 9:20:50 PM | Computer Name = ELVIS | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072747.

Error - 6/4/2011 9:40:56 PM | Computer Name = ELVIS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module etobodamujumu.dll, version 0.0.0.0, fault address 0x00025e4b.

Error - 6/6/2011 12:12:46 AM | Computer Name = ELVIS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/7/2011 10:28:52 PM | Computer Name = ELVIS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module etobodamujumu.dll, version 0.0.0.0, fault address 0x00025e4b.

[ System Events ]
Error - 6/10/2011 7:05:54 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 6/10/2011 7:11:37 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 6/10/2011 7:17:21 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 6/11/2011 1:53:58 PM | Computer Name = ELVIS | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%3

Error - 6/11/2011 1:56:58 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 5.102.72.175 on
the Network Card with network address 0023C36648AF.

Error - 6/11/2011 1:58:10 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 6/11/2011 2:04:53 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 6/11/2011 2:09:43 PM | Computer Name = ELVIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/11/2011 2:11:07 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 6/11/2011 2:17:42 PM | Computer Name = ELVIS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0023C36648AF. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.


< End of report >

Edited by Blade Zephon, 16 June 2011 - 12:11 AM.


#4 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:06:52 PM

Posted 11 June 2011 - 02:23 PM

Hi!

No problem!

I have also manually disconnected my Internet connection to the machine by unplugging the Ethernet cable. Please let me know if this should be undone.

Please connect it back again.

GooredFix
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    MOD - [2008/04/13 17:12:08 | 000,379,392 | ---- | M] () -- C:\WINDOWS\etobodamujumu.dll
    SRV - File not found [Disabled | Stopped] -- -- (Pml Driver HPZ12)
    SRV - File not found [Disabled | Stopped] -- -- (npkcmsvc)
    SRV - File not found [Disabled | Stopped] -- -- (Anp.nlf88)
    SRV - File not found [Disabled | Stopped] -- -- (Aisidnaras)
    IE - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
    [2011/06/03 20:30:52 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [Pdisolasi] C:\WINDOWS\etobodamujumu.dll ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O33 - MountPoints2\{4d961718-350a-11df-8f89-0013d4e288e9}\Shell\AutoRun\command - "" = O:\PMBP_Win.exe
    O33 - MountPoints2\{a5777bda-d8ca-11df-907e-0013d4e288e9}\Shell\AutoRun\command - "" = N:\PMBP_Win.exe
    [2011/06/03 20:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}
    [2011/06/11 11:09:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ckulagovagi.bin
    [2011/06/04 14:01:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/06/03 20:30:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Lriqevifo.dat
    [2011/06/03 18:02:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lriqevifo.dat
    [2011/06/03 18:02:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ckulagovagi.bin
    [2009/11/22 20:16:52 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\inst.exe
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.



NEXT:



What issues are you currently experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 csbeginner

Posted 11 June 2011 - 02:36 PM

Hi again,

Do I need to disable my Spywareblaster protection before proceeding with the Combofix scan?
Also, my firewall is currently set to block all connections. Should I reopen connections?

Thanks again!

#6 SweetTech

Posted 11 June 2011 - 02:42 PM

Do I need to disable my Spywareblaster protection before proceeding with the Combofix scan?

No.

Also, my firewall is currently set to block all connections. Should I reopen connections?

Yes, ComboFix will need access to the Internet.



#7 csbeginner

Posted 11 June 2011 - 03:29 PM

Hi again,

The scans ran without problems, and in the process, the Windows Recovery Console was updated. I will give the system a reboot and see if I notice any unusual behaviors. Is it okay at this point to reenable any protection programs?

Thanks again, ST!!

Below are the results of the GooredFix and OTL scans. The ComboFix results are very large. Is it alright to post the log as an attachment?







GooredFix by jpshortstuff (04.04.11.1)
Log created at 12:05 on 11/06/2011 (HP_Administrator)
Firefox version 3.5.7 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{1932308B-EB49-4EF3-AE02-EF0AC947E87D} -> Success!
Deleting C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:21 10/02/2010]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [04:23 19/03/2010]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\extensions\
chineseperakun@gmail.com [06:30 10/02/2010]
dave2x@download [04:26 10/02/2010]
firegestures@xuldev.org [04:26 10/02/2010]
last-tab-close-button@victor.sacharin [04:36 10/02/2010]
newtaburl@sogame.cat [04:26 10/02/2010]
omiazad@msn.com [06:29 10/02/2010]
peraperakun-chinese@gmail.com [06:32 10/02/2010]
plugin@yontoo.com [01:01 04/06/2011]
scrollsearchengines@einaregilsson.com [06:29 10/02/2010]
tabscroll@mthamil [18:10 04/04/2010]
{05e38d80-09c1-11dd-bd0b-0800200c9a66} [06:45 10/02/2010]
{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [06:24 10/02/2010]
{251b3fd3-49c9-42c8-a8b3-3b4a1bc84c4f} [04:26 10/02/2010]
{64161300-e22b-11db-8314-0800200c9a66} [04:26 10/02/2010]
{6D898772-AD34-4c16-86BB-9DE787A5DEA0} [06:29 10/02/2010]
{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [06:46 10/02/2010]
{aa26583b-4c35-4729-913e-156956078824} [06:46 10/02/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [04:26 10/02/2010]
{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [04:26 10/02/2010]
{EDA7B1D7-F793-4e03-B074-E6F303317FB0} [04:51 16/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:18 17/03/2010]

-=E.O.F=-





========== SERVICES/DRIVERS ==========
========== OTL ==========
Service Pml Driver HPZ12 stopped successfully!
Service Pml Driver HPZ12 deleted successfully!
Service npkcmsvc stopped successfully!
Service npkcmsvc deleted successfully!
Service Anp.nlf88 stopped successfully!
Service Anp.nlf88 deleted successfully!
Service Aisidnaras stopped successfully!
Service Aisidnaras deleted successfully!
HKU\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Folder C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Pdisolasi deleted successfully.
C:\WINDOWS\etobodamujumu.dll moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d961718-350a-11df-8f89-0013d4e288e9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d961718-350a-11df-8f89-0013d4e288e9}\ not found.
File O:\PMBP_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5777bda-d8ca-11df-907e-0013d4e288e9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5777bda-d8ca-11df-907e-0013d4e288e9}\ not found.
File N:\PMBP_Win.exe not found.
Folder C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}\ not found.
C:\WINDOWS\Ckulagovagi.bin moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\Lriqevifo.dat moved successfully.
File C:\WINDOWS\Lriqevifo.dat not found.
File C:\WINDOWS\Ckulagovagi.bin not found.
C:\Documents and Settings\HP_Administrator\Application Data\inst.exe moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.0 log created on 06112011_120644
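
One way to check an OTL fix log like the one above mechanically, as an added example that is not part of this thread or of OTL itself: it parses each verdict line into a record and separates "not found" verdicts that follow an earlier success on the same item (OTL listed Ckulagovagi.bin twice, so the second pass finds nothing) from items that were already absent when the fix ran (the Firefox extension folder GooredFix had deleted a minute earlier, and the autorun target on an unmounted drive), which are the ones worth a second look on a rootkit case. The sample log is a constructed excerpt of the lines posted above; the verdict phrases are the ones OTL wrote there.

```python
import re
from collections import Counter

# Constructed sample: lines excerpted from the OTL fix log posted above,
# arranged so that every outcome the parser knows about occurs at least once.
SAMPLE_LOG = r"""
========== SERVICES/DRIVERS ==========
Service Aisidnaras stopped successfully!
Service Aisidnaras deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Pdisolasi deleted successfully.
C:\WINDOWS\etobodamujumu.dll moved successfully.
Folder C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{1932308B-EB49-4EF3-AE02-EF0AC947E87D}\ not found.
C:\WINDOWS\Ckulagovagi.bin moved successfully.
File C:\WINDOWS\Ckulagovagi.bin not found.
File O:\PMBP_Win.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)
"""

# Verdict phrases OTL appends to each processed item (taken from the log above).
OUTCOMES = (
    "stopped successfully", "deleted successfully", "moved successfully",
    "value set successfully", "reset successfully", "not found",
)
_SECTION = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
_RESULT = re.compile(
    r"^(?:(?P<kind>Service|Registry key|Registry value|Folder|File)\s+)?"
    r"(?P<target>.+?)\s*(?P<outcome>"
    + "|".join(re.escape(o) for o in OUTCOMES)
    + r")[!.]?$"
)


def parse_otl_log(text):
    """Return (section, kind, target, outcome) for every verdict line.

    Banners, 'Starting removal of ...' notices and the restore-point line carry
    no verdict and are skipped.  Unprefixed targets that start with a drive
    letter are files OTL moved into its MovedFiles folder.
    """
    section, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = _RESULT.match(line)
        if not m:
            continue
        kind, target = m.group("kind"), m.group("target")
        if kind is None:
            kind = "File" if re.match(r"^[A-Za-z]:\\", target) else "Item"
        records.append((section, kind, target, m.group("outcome")))
    return records


def summarize(text):
    """Count outcomes and split the 'not found' verdicts into two buckets.

    already_handled: the same item succeeded earlier in this run (OTL lists a
        file twice when the scan showed it under both [C] and [M]).
    absent: nothing in this run touched the item first; it was gone before the
        fix ran (removed by another tool, on an unmounted drive, or hidden) and
        deserves a second look on a rootkit case.
    """
    records = parse_otl_log(text)
    counts = Counter(outcome for _, _, _, outcome in records)
    succeeded, already_handled, absent = set(), [], []
    for _, _, target, outcome in records:
        key = target.rstrip("\\").lower()
        if outcome == "not found":
            (already_handled if key in succeeded else absent).append(target)
        else:
            succeeded.add(key)
    return {"counts": counts, "already_handled": already_handled, "absent": absent}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for outcome, n in sorted(result["counts"].items()):
        print(f"{n:3d}  {outcome}")
    print("already handled earlier in the run:", result["already_handled"])
    print("absent when the fix ran (re-check):", result["absent"])
```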

#8 SweetTech

Posted 11 June 2011 - 03:34 PM

Hi!

Is it okay at this point to reenable any protection programs?

Yes.

Is it alright to post the log as an attachment?

Yes, that is fine.



#9 csbeginner

Posted 11 June 2011 - 03:39 PM

Hmm... actually the log file is 856kb, too large to be attached. And my global upload quota is 512K. I hope you don't mind me attaching it compressed and archived.

Thanks again!

Attached Files


Edited by csbeginner, 11 June 2011 - 04:04 PM.


#10 SweetTech

Posted 11 June 2011 - 04:02 PM

Yep.

Do this:


Please download ZipIt from here:
Download Link
  • Double-click ZipIt! to run it. (Windows Vista & 7 users need to right click and Run as Administrator)
  • Then copy the content of the following codebox into the textfield:

    ::info::http://www.bleepingcomputer.com/forums/topic401786.html
    ::bleeping::102
    C:\ComboFix.txt
    
  • Then, just click the Zip button.
  • When finished, and if successful, it should automatically submit a file for me, so that it may be analyzed further. You should also see that a new .zip file has been created on your Desktop. You will be notified of what the file name is when the process has been completed.

Edited by SweetTech, 11 June 2011 - 04:03 PM.



#11 csbeginner

Posted 11 June 2011 - 04:06 PM

I just edited my last post while you were replying. I used 7zip, so the codebox information you posted is missing. Please see above for attachment or let me know if I should rezip with ZipIt. Thanks!

Edited by csbeginner, 11 June 2011 - 04:09 PM.


#12 SweetTech

Posted 11 June 2011 - 04:18 PM

Hi!

What you did is fine.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    KillAll::
    Driver::
    XDva385
    zlportio
    
    File::
    c:\windows\system32\XDva385.sys
    c:\ultrastardx\zlportio.sys
    DirLook::
    c:\documents and settings\HP_Administrator\Application Data\uqm

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#13 csbeginner

Posted 11 June 2011 - 04:37 PM

Hi again,

Okay, something unexpected happened. Avira Antivir picked up something after I restarted the computer. Below is the log.

Should I continue with your instructions?








Avira AntiVir Personal
Report file date: Saturday, June 11, 2011 14:02

Scanning for 2752344 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ELVIS

Version information:

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4e2f8d88\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Saturday, June 11, 2011 14:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'persfw.exe' - '1' Module(s) have been scanned
Scan process 'hamachi-2.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'AutoHotkey.exe' - '1' Module(s) have been scanned
Scan process 'Launchy.exe' - '1' Module(s) have been scanned
Scan process 'hamachi-2-ui.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\WINDOWS\edilokuzoxuf.dll'
C:\WINDOWS\edilokuzoxuf.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c257908.qua'.


End of the scan: Saturday, June 11, 2011 14:03
Used time: 00:35 Minute(s)

The scan has been done completely.

0 Scanned directories
36 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
35 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

#14 SweetTech

Posted 11 June 2011 - 04:46 PM

Go ahead and proceed with the rest of the instructions. It looks like the file was quarantined.



#15 csbeginner

Posted 11 June 2011 - 05:22 PM

After ComboFix rebooted the machine and Windows loaded, two errors were encountered while the ComboFix log was being generated. (It said to not run any programs, but some must have automatically loaded in the background.) There was a Kerio Firewall driver error and another Windows - Application memory reading error.

I will continue with the other scans, but if there are instructions you recommend in their stead given this update, please let me know.

Thanks again!

Pasted below are contents of the ComboFix result log.




ComboFix 11-06-11.01 - HP_Administrator 06/11/2011 14:24:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3011 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\ultrastardx\zlportio.sys"
"c:\windows\system32\XDva385.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA385
-------\Service_XDva385
-------\Service_zlportio
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 19:06 . 2011-06-11 19:06 -------- d-----w- C:\_OTL
2011-06-04 01:01 . 2011-06-04 01:01 -------- d-----w- c:\program files\PageRage
2011-05-30 22:04 . 2011-05-30 22:04 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-05-26 04:03 . 2011-05-26 04:04 -------- d-----w- C:\Ascend
2011-05-25 04:16 . 2011-05-30 04:20 -------- d-----w- c:\program files\The Ur-Quan Masters
2011-05-25 04:14 . 2011-05-29 19:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uqm
2011-05-23 01:34 . 2011-05-24 04:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\CreeperWorld
2011-05-23 01:33 . 2011-05-23 01:33 -------- d-----w- c:\program files\Creeper World
2011-05-23 01:32 . 2011-05-23 01:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 16:11 . 2009-06-29 00:21 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 16:11 . 2009-06-29 00:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-25 02:49 . 2009-06-29 03:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2005-05-14 00:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 18:13 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 04:27 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 02:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 19:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 07:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 17:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 20:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 07:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\HP_Administrator\Application Data\uqm ----
.
2011-05-29 19:48 . 2011-05-29 19:48 140 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\melee.cfg
2011-05-29 19:34 . 2011-05-29 20:13 1284 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\save\starcon2.02
2011-05-29 18:44 . 2011-05-30 03:57 2327 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\save\starcon2.01
2011-05-25 04:34 . 2011-05-30 04:16 2794 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\save\starcon2.00
2007-01-09 04:32 . 2011-05-29 20:55 792 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\uqm.cfg
2006-12-15 05:02 . 2006-12-15 05:02 789 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\uqm-3do.cfg
2006-12-15 05:01 . 2006-12-15 05:01 786 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\uqm-pc.cfg
2006-01-20 00:48 . 2011-05-29 20:55 1816 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\keys.cfg
2006-01-20 00:48 . 2006-01-20 00:48 6235 ----a-w- c:\documents and settings\HP_Administrator\Application Data\uqm\keys.old
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-26 1951112]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Shortcut to AutoHotkey.lnk - c:\documents and settings\HP_Administrator\My Documents\Documents\AutoHotkey\hotkeys\AutoHotkey.ahk [2008-9-14 547]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-8-22 3581680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-9-14 286720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-24 00:16 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-02 23:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
2005-10-26 23:35 225280 ----a-w- c:\program files\Anti-Blaxx\Anti-Blaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2007-11-02 00:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-25 22:34 245760 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-10 05:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 05:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 23:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-03 00:44 61440 ----a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-26 00:29 1951112 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2005-05-10 17:50 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-05-29 16:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-10 05:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 05:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 05:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 13:54 16010240 ------w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-19 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 03:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"SNDSrvc"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"navapsvc"=2 (0x2)
"Pml Driver HPZ12"=0 (0x0)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"WinDefend"=2 (0x2)
"stisvc"=2 (0x2)
"helpsvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\stupidi0t\\half-life\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\SteamApps\\stupidi0t\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2327:TCP"= 2327:TCP:messenger
"4451:TCP"= 4451:TCP:messenger
.
R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [10/20/2009 7:04 PM 102912]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/28/2009 8:07 PM 136360]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [5/25/2011 5:29 PM 1336712]
S3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [12/18/2008 6:03 PM 23480]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/11/2006 9:43 AM 642560]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = localhost:8080
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Download All Files by HiDownload - c:\program files\StreamingStar\HiDownload\HDGetAll.htm
IE: Download by HiDownload - c:\program files\StreamingStar\HiDownload\HDGet.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {77114B46-8FBD-11D4-A515-00E02975EB07} - hxxp://www.ongakucho.com/download/Altsax.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7l4zbg3k.default\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: NewTabURL: newtaburl@sogame.cat - %profile%\extensions\newtaburl@sogame.cat
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: RDown - Rapidshare Downloader: dave2x@download - %profile%\extensions\dave2x@download
FF - Ext: Rikaichan: {0AA9101C-D3C1-4129-A9B7-D778C6A17F82} - %profile%\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
FF - Ext: Japanese-English Dictionary for rikaichan: {6D898772-AD34-4c16-86BB-9DE787A5DEA0} - %profile%\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
FF - Ext: Scroll Search Engines: scrollsearchengines@einaregilsson.com - %profile%\extensions\scrollsearchengines@einaregilsson.com
FF - Ext: Paste and Go 3: omiazad@msn.com - %profile%\extensions\omiazad@msn.com
FF - Ext: Perapera-kun: Popup Japanese, Chinese, and Korean Translator: chineseperakun@gmail.com - %profile%\extensions\chineseperakun@gmail.com
FF - Ext: Chinese-English Dictionary for Perapera-kun: peraperakun-chinese@gmail.com - %profile%\extensions\peraperakun-chinese@gmail.com
FF - Ext: Elementary: {05e38d80-09c1-11dd-bd0b-0800200c9a66} - %profile%\extensions\{05e38d80-09c1-11dd-bd0b-0800200c9a66}
FF - Ext: Qute 3++ (custom mod): {aa26583b-4c35-4729-913e-156956078824} - %profile%\extensions\{aa26583b-4c35-4729-913e-156956078824}
FF - Ext: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - %profile%\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF - Ext: Tab Wheel Scroll: tabscroll@mthamil - %profile%\extensions\tabscroll@mthamil
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 14:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* a*v*i*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,e5,4a,d5,df,c9,97,7b,00,94,46,b8,f4,ee,6a,a3,8d,d9,92,93,c9,c8,fe,
13,f9,a9,2f,82,3e,24,57,31,7e,5d,ed,72,ac,e8,5d,38,87,68,9a,f3,06,57,1c,b4,\
"??"=hex:46,e2,0f,75,ad,3b,a1,30,71,54,65,f4,35,16,33,89
.
[HKEY_USERS\S-1-5-21-2473348725-2686629265-2815920936-1008\Software\SecuROM\License information*]
"datasecu"=hex:ed,3f,bf,07,79,93,08,7d,75,f8,0b,67,cc,4c,5d,0b,36,47,de,41,24,
10,5d,e7,cd,98,d4,82,90,0c,c2,d1,c4,e1,18,5a,03,2e,34,a0,c0,58,d9,4c,ec,02,\
"rkeysecu"=hex:c0,7e,7d,46,49,1a,4f,23,fd,61,8d,76,22,d8,b6,8f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
- - - - - - - > 'explorer.exe'(2364)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\ObjectDock\StardockTray.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\arservice.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\documents and settings\HP_Administrator\My Documents\Documents\AutoHotkey\AutoHotkey.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\SoftwareDistribution\Download\a37ea2d49e8a7659886ac76c226cad7d\update\update.exe
.
**************************************************************************
.
Completion time: 2011-06-11 14:56:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-11 21:56
ComboFix2.txt 2011-06-11 19:46
ComboFix3.txt 2009-10-11 01:12
.
Pre-Run: 39,830,007,808 bytes free
Post-Run: 39,568,408,576 bytes free
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 5D580BA334816E4CAFC0BF97917419B1