Google redirect on Firefox [Solved]

  • This topic is locked

#1
cronemage

    Member
  • 20 posts
I've done everything in the cleaning guide, but am still getting redirected when clicking links in Google Search. Here are the logs I've saved from the things I've done so far:

OTL logfile created on: 12/5/2009 5:45:19 PM - Run 2
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Documents and Settings\HP_Administrator.STEPH\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 275.01 Mb Available Physical Memory | 27.09% Memory free
2.38 Gb Paging File | 1.71 Gb Available in Paging File | 71.76% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.44 Gb Total Space | 144.35 Gb Free Space | 64.32% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.39 Gb Free Space | 4.62% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/05 10:41:35 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
PRC - [2009/11/27 22:00:17 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/27 22:00:15 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/27 22:00:15 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/27 22:00:13 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/27 22:00:13 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/27 22:00:10 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/02 21:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/25 16:42:00 | 03,794,256 | ---- | M] (Bartels Media) -- C:\Program Files\PhraseExpress\phraseexpress.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2007/11/02 18:44:16 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/12/19 03:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2005/11/03 16:26:30 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/11/03 16:22:36 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005/11/01 11:01:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
PRC - [2005/10/20 19:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe
PRC - [2005/10/20 19:55:40 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSysTry.exe
PRC - [2005/10/11 14:33:20 | 02,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 11:24:02 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/08/27 03:14:44 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/08/03 01:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/05/03 19:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 10:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/05 10:41:35 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/27 22:00:10 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/21 20:21:18 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2005/12/19 03:26:54 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/10/20 19:55:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\RMSvc.exe -- (RMSvc)
SRV - [2005/08/03 01:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 10:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9948
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/01 02:02:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 02:26:57 | 00,000,000 | ---D | M]

[2009/11/27 21:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Extensions
[2009/12/04 05:23:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions
[2009/11/27 22:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/01 00:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/30 21:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/28 06:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\[email protected]
[2009/12/04 05:23:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 23:22:59 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 03:42:03 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 20:13:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (66431543362453504)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/05 17:32:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/05 17:31:37 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:16:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/05 11:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\GooredFix Backups
[2009/12/05 10:54:04 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/05 10:41:35 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/04 04:40:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrivacIE
[2009/12/03 16:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/12/03 16:18:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/03 16:08:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/12/03 16:02:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/03 06:01:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\IETldCache
[2009/12/03 05:30:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/02 21:11:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Received Files
[2009/12/02 21:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\MSNInstaller
[2009/12/02 21:00:07 | 00,000,000 | ---D | C] -- C:\95f68d2ffe30c13af7d76c3b3815
[2009/12/02 20:41:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/02 15:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/02 12:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/01 00:40:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Malwarebytes
[2009/12/01 00:39:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/01 00:39:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 00:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/01 00:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPQ
[2009/11/30 23:29:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/11/30 23:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/11/30 23:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Snapshot Viewer
[2009/11/30 23:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft Web Folders
[2009/11/30 17:56:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\uqdhon
[2009/11/29 11:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HpUpdate
[2009/11/29 11:27:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/11/29 09:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Adobe
[2009/11/28 21:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Yahoo!
[2009/11/28 21:08:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPAppData
[2009/11/28 10:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HP
[2009/11/28 10:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\HP
[2009/11/28 09:52:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/28 06:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Sun
[2009/11/28 02:01:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\UserData
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Macromedia
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Adobe
[2009/11/27 22:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple
[2009/11/27 22:12:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple Computer
[2009/11/27 22:01:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/27 22:00:47 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:40 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/27 22:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/27 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/27 21:55:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\Downloads
[2009/11/27 21:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Mozilla
[2009/11/27 21:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla
[2009/11/27 21:43:41 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/27 21:31:08 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/27 21:30:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/11/27 21:30:39 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Recent
[2009/11/27 21:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\PhraseExpress
[2009/11/27 21:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\PhraseExpress
[2009/11/27 21:20:08 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\SendTo
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Start Menu
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Videos
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Pictures
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Music
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Favorites
[2009/11/27 21:20:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Cookies
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Templates
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrintHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\NetHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\WINDOWS
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Wildtangent
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Real
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Intuit
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Identities
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Google
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\ApplicationHistory
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2005/09/24 09:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 14 Days ==========

[2009/12/05 17:47:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job
[2009/12/05 17:43:36 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/12/05 17:36:03 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/05 17:34:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/05 17:34:01 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/05 17:34:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/05 17:32:58 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/12/05 17:31:37 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 15:40:13 | 46,243,751 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/05 15:39:48 | 00,112,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/05 11:42:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/05 11:41:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/05 10:41:35 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/05 10:35:52 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/12/04 03:02:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/03 21:09:38 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091205-103327.backup
[2009/12/03 18:23:32 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-210938.backup
[2009/12/03 17:46:05 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/03 17:46:05 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/03 17:46:05 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/03 17:40:41 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 17:39:29 | 01,577,792 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\IconCache.db
[2009/12/03 16:35:32 | 00,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2009/12/03 16:35:32 | 00,000,020 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/03 16:28:31 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:23:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/03 16:22:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Ÿ;Ÿ;
[2009/12/03 16:18:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 16:06:01 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/12/02 21:02:39 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/02 21:02:24 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
[2009/12/02 20:28:11 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/12/02 16:32:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/01 20:42:53 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-182332.backup
[2009/12/01 11:30:00 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/01 00:39:54 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/01 00:04:11 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/30 23:26:10 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/30 23:15:04 | 00,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/30 23:14:54 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/30 21:37:33 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-204253.backup
[2009/11/30 20:48:25 | 00,139,264 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpzjrd01.dll
[2009/11/29 11:33:53 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/29 08:24:02 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/28 11:14:16 | 00,004,095 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/28 10:59:20 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-213733.backup
[2009/11/28 10:56:41 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105920.backup
[2009/11/28 10:55:00 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105641.backup
[2009/11/28 10:54:02 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105500.backup
[2009/11/28 10:24:15 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:15:24 | 00,176,731 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2009/11/28 10:06:01 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/11/28 10:05:10 | 00,002,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:57:27 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/11/27 22:15:58 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:00:47 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:47 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:40 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 21:31:30 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/27 21:29:00 | 00,001,835 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:19:03 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/27 21:18:32 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/27 21:17:47 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/11/26 10:10:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Files Created - No Company Name ==========

[2009/12/03 16:28:31 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:22:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Ÿ;Ÿ;
[2009/12/03 01:55:46 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/12/03 01:54:31 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/12/03 01:53:29 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/12/03 01:53:10 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/12/02 21:10:57 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Windows Messenger.lnk
[2009/12/01 00:39:54 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 23:14:54 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/29 11:39:05 | 00,002,253 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPSU_48BitScanUpdate.log
[2009/11/29 11:33:53 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/28 10:24:15 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:49:09 | 00,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
[2009/11/28 09:49:09 | 00,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
[2009/11/27 22:15:58 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:13:49 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/27 22:00:47 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:36 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:30 | 46,243,751 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/27 22:00:30 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 22:00:30 | 00,112,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/27 21:28:57 | 00,001,835 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:28:55 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/27 21:20:09 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/27 21:20:08 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/11/27 21:20:07 | 05,767,168 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/11/27 21:18:28 | 00,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2009/11/27 21:18:28 | 00,001,471 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/11/27 21:18:28 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/07/18 02:19:16 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/18 02:19:15 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/05/30 17:06:31 | 00,000,078 | ---- | C] () -- C:\WINDOWS\DUXBURY.INI
[2009/04/23 05:24:16 | 00,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2008/04/26 11:40:49 | 00,000,157 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/04/26 11:39:32 | 00,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/12/31 15:24:20 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/16 11:49:38 | 14,459,752 | ---- | C] () -- C:\Program Files\bloodgulch.map
[2007/08/11 15:16:20 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/08/11 15:10:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/07/14 15:40:30 | 00,000,716 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2007/07/14 15:40:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/04/30 17:19:50 | 00,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/17 17:22:37 | 00,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/04/14 02:23:32 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/31 13:12:11 | 00,000,482 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/09/30 17:38:58 | 01,483,776 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[2006/08/11 19:40:23 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 19:40:06 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/11 18:31:02 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/11 18:27:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/07 04:15:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 03:50:22 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 03:45:07 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 03:44:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 03:42:32 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 03:39:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 03:29:15 | 00,004,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 03:27:51 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 03:12:14 | 00,003,257 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 03:11:10 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 03:07:07 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 02:43:41 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 02:43:41 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 02:43:22 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 15:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 08:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/06 16:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/12/04 04:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/28 10:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/03/07 03:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/08/16 15:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/10/01 22:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2008/05/12 21:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/25 15:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2008/12/25 22:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/12/25 22:53:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2007/10/18 20:21:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/16 15:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2008/08/31 12:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/03/27 23:17:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhraseExpress
[2009/07/21 23:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/09/29 20:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/03 16:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/09/08 11:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/11/30 23:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/08/24 20:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Online
[2009/06/09 21:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/27 21:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/06 20:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/14 08:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/12/05 17:47:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/12/22 10:23:37 | 11,392,321 | ---- | M] () -- C:\WinGizmo-LJ-2-0-2-227.exe


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009/12/05 13:11:15 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/03 06:39:32 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/09 22:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/09 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 22:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE3CF4E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/05 17:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA31EA000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


Thanks for taking a look at this!


#2
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hello and welcome to Geeks To Go!:)

My name is Perplexus and I will be helping you fix your computer problem.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
  • To make sure that you receive an email when this topic is updated, please click here and check that this topic is listed under Virus, Spyware and Trojan Removal.
  • Before beginning the fix, read this post completely. If there's anything that you do not understand, please ask your questions before proceeding as you may temporarily be disconnected from the internet. No question is considered dumb here. It's better to be safe than sorry!
  • Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
  • It is IMPORTANT that you do not miss a step & perform everything in the correct order/sequence.
  • Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested, as it can be very dangerous and cause harm to your system.
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad, in the menu bar click on Format and make sure that Word Wrap is unchecked).
---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [screenshot]

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [screenshot]

    Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


#3
cronemage

    Member

  • Topic Starter
  • Member
  • 20 posts
Here's the ComboFix log.

Thanks for your help!



ComboFix 09-12-07.01 - HP_Administrator 12/07/2009 16:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.594 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator.STEPH\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-05 23:59 . 2009-12-05 23:59 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-05 23:56 . 2009-12-05 23:56 -------- d-----w- c:\program files\ERUNT
2009-12-05 16:54 . 2009-12-05 16:54 -------- d-----w- C:\_OTL
2009-12-04 10:40 . 2009-12-04 10:40 -------- d-sh--w- c:\documents and settings\HP_Administrator.STEPH\PrivacIE
2009-12-03 22:28 . 2009-12-03 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-12-03 22:08 . 2009-12-03 22:08 -------- d-----w- c:\windows\system32\scripting
2009-12-03 22:08 . 2009-12-03 22:08 -------- d-----w- c:\windows\system32\en
2009-12-03 07:56 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-12-03 07:55 . 2004-08-04 03:29 1897408 ------w- c:\windows\system32\drivers\nv4_mini.sys
2009-12-03 07:54 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-12-03 07:53 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\faxpatch.exe
2009-12-03 03:04 . 2009-12-03 03:04 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\MSNInstaller
2009-12-03 03:00 . 2009-12-03 11:16 -------- d-----w- C:\95f68d2ffe30c13af7d76c3b3815
2009-12-03 02:41 . 2009-12-03 02:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-03 02:30 . 2008-04-15 15:17 295424 ------w- c:\windows\system32\dllcache\termsrv.dll
2009-12-02 21:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-02 21:53 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-12-02 21:53 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-12-02 21:53 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-12-02 21:53 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-12-02 21:53 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-02 21:53 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-02 21:53 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-02 21:53 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-12-02 21:53 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-12-02 21:53 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-02 21:53 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-02 21:53 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-02 21:51 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-02 21:50 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-02 21:50 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-02 21:50 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-02 21:49 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-02 21:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-02 21:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-01 06:40 . 2009-12-01 06:40 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Malwarebytes
2009-12-01 06:39 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-01 06:39 . 2009-12-01 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-01 06:39 . 2009-12-05 23:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-01 06:39 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 06:21 . 2009-12-01 06:21 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HPQ
2009-12-01 06:04 . 2009-11-19 17:48 43008 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-01 06:04 . 2009-11-19 17:48 872960 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-01 06:04 . 2009-11-19 17:48 340480 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-01 06:04 . 2009-11-19 17:48 346624 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-01 05:23 . 2009-12-01 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SBT
2009-12-01 05:23 . 2009-12-01 05:23 -------- d-----w- c:\program files\Snapshot Viewer
2009-12-01 05:12 . 2009-12-01 05:12 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Microsoft Web Folders
2009-12-01 04:34 . 2009-11-28 04:00 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-01 04:34 . 2009-11-28 04:00 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-12-01 04:33 . 2009-11-28 04:00 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-01 04:33 . 2009-11-28 04:00 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-30 23:56 . 2009-11-30 23:58 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\uqdhon
2009-11-29 17:27 . 2009-12-01 02:49 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HpUpdate
2009-11-29 17:27 . 2009-11-29 17:27 -------- d-----w- c:\windows\Hewlett-Packard
2009-11-29 15:27 . 2009-11-30 23:54 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Adobe
2009-11-29 15:19 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-29 15:19 . 2004-08-04 06:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-11-29 03:08 . 2009-11-29 03:08 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Yahoo!
2009-11-29 03:08 . 2009-12-03 11:27 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HPAppData
2009-11-28 16:19 . 2009-12-03 00:59 152576 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-28 16:18 . 2009-12-03 00:57 79488 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-28 16:17 . 2009-11-28 16:17 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\HP
2009-11-28 16:15 . 2009-11-28 16:15 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\HP
2009-11-28 16:08 . 2007-01-17 16:37 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-28 16:08 . 2007-01-17 16:37 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-28 16:07 . 2007-11-06 01:06 278016 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5mu.dll
2009-11-28 16:07 . 2007-11-06 01:07 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2009-11-28 16:07 . 2007-11-07 02:10 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-28 16:07 . 2007-01-17 16:37 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-11-28 16:06 . 2007-10-31 10:35 729088 ----a-r- c:\windows\system32\hpwwiax4.dll
2009-11-28 16:06 . 2007-10-31 10:35 593920 ----a-r- c:\windows\system32\hpwtscl3.dll
2009-11-28 16:06 . 2007-01-17 16:37 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-11-28 16:06 . 2007-01-17 16:37 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-11-28 16:06 . 2007-01-17 16:31 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-11-28 15:52 . 2009-11-28 15:52 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-28 08:01 . 2009-11-28 08:01 -------- d-sh--w- c:\documents and settings\HP_Administrator.STEPH\UserData
2009-11-28 08:01 . 2009-10-16 18:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-28 05:13 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-28 05:12 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-28 05:12 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-28 05:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-28 04:13 . 2009-11-28 04:13 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple
2009-11-28 04:12 . 2009-11-28 04:12 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple Computer
2009-11-28 04:01 . 2009-11-28 04:01 -------- d-----w- C:\$AVG
2009-11-28 04:00 . 2009-11-28 04:00 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-28 04:00 . 2009-11-28 04:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-28 04:00 . 2009-11-28 04:00 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-28 04:00 . 2009-11-28 04:00 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-28 04:00 . 2009-12-07 22:01 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-28 04:00 . 2009-12-04 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-11-28 04:00 . 2009-11-28 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-28 03:52 . 2009-11-28 03:52 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\Mozilla
2009-11-28 03:43 . 2009-12-05 19:11 -------- d-sh--r- c:\windows\system32\dllcache
2009-11-28 03:30 . 2009-11-28 03:30 -------- d-----w- c:\documents and settings\HP_Administrator.STEPH\Application Data\PhraseExpress
2009-11-28 03:29 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-28 03:18 . 2006-03-07 09:40 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-11-24 02:07 . 2009-11-24 02:07 -------- d-sh--w- c:\documents and settings\HP_Administrator\IECompatCache
2009-11-17 23:53 . 2009-11-17 23:53 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-11-17 00:47 . 2009-11-17 00:47 -------- d-----w- c:\program files\Conduit
2009-11-17 00:47 . 2009-11-17 00:47 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Conduit
2009-11-17 00:47 . 2009-11-17 14:12 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\XfireXO
2009-11-17 00:47 . 2009-11-17 00:47 -------- d-----w- c:\program files\XfireXO
2009-11-17 00:47 . 2009-11-13 08:25 52224 ------w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lszntw0e.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-11-17 00:47 . 2009-11-13 08:25 114688 ------w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lszntw0e.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-11-12 00:39 . 2009-11-12 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-11-12 00:14 . 2007-11-07 02:04 1373528 ----a-r- c:\windows\hpzshl01.exe
2009-11-12 00:14 . 2008-01-07 14:10 10563 ----a-r- c:\windows\hpwscr19.dat
2009-11-12 00:14 . 2007-11-07 02:15 1140056 ----a-r- c:\windows\hpzmsi01.exe
2009-11-12 00:13 . 2009-11-12 00:14 -------- d-----w- c:\windows\yellowtail
2009-11-12 00:10 . 2009-11-28 16:15 176731 ----a-w- c:\windows\hpwins19.dat
2009-11-12 00:10 . 2008-01-07 14:08 997 ----a-r- c:\windows\hpwmdl19.dat
2009-11-09 22:44 . 2009-11-09 22:44 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\SupportSoft
2009-11-09 22:43 . 2009-11-09 22:43 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-11-09 22:43 . 2009-11-09 22:43 -------- d-----w- c:\program files\ComcastUI
2009-11-08 14:07 . 2009-07-28 17:45 397312 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\lszntw0e.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 22:14 . 2004-08-10 04:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-05 23:54 . 2006-03-07 09:26 83312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 22:35 . 2007-12-15 19:02 58 ---h--w- c:\windows\popcreg.dat
2009-12-03 22:35 . 2007-12-15 19:02 20 ----a-w- c:\windows\popcinfot.dat
2009-12-03 22:28 . 2007-12-15 19:02 -------- d-----w- c:\program files\PopCap Games
2009-12-03 22:12 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-03 22:12 . 2009-12-03 22:12 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-12-03 22:12 . 2009-12-03 22:12 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-12-03 22:12 . 2009-12-03 22:12 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-12-03 22:12 . 2009-12-03 22:12 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-12-03 22:12 . 2009-12-03 22:12 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2009-12-03 22:12 . 2009-12-03 22:12 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-12-03 22:12 . 2009-12-03 22:12 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-12-03 22:12 . 2009-12-03 22:12 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2009-12-03 22:12 . 2009-12-03 22:12 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-12-01 05:22 . 2005-11-15 01:06 -------- d-----w- c:\program files\microsoft frontpage
2009-12-01 02:48 . 2005-01-25 01:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-12-01 02:45 . 2006-03-07 09:15 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-29 14:24 . 2009-11-28 03:20 145 ----a-w- c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
2009-11-29 03:08 . 2006-08-10 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-28 16:55 . 2008-12-10 01:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-28 16:24 . 2008-12-10 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-28 16:15 . 2006-03-07 09:50 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-11-28 16:02 . 2006-03-07 09:34 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-28 15:59 . 2008-11-27 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-28 04:15 . 2008-01-16 02:56 -------- d-----w- c:\program files\QuickTime
2009-11-28 04:14 . 2007-08-16 02:10 -------- d-----w- c:\program files\Common Files\Apple
2009-11-28 04:13 . 2007-04-08 20:52 -------- d-----w- c:\program files\Apple Software Update
2009-11-28 04:01 . 2008-05-13 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-28 04:00 . 2008-05-13 04:16 -------- d-----w- c:\program files\AVG
2009-11-28 03:49 . 2006-03-07 09:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-28 03:49 . 2006-03-07 09:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-28 03:39 . 2006-03-07 09:29 -------- d-----w- c:\program files\WildTangent
2009-11-28 03:39 . 2006-03-07 08:46 -------- d-----w- c:\program files\GemMaster
2009-11-28 03:29 . 2009-11-28 03:28 1835 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
2009-11-24 01:16 . 2007-01-09 16:50 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-22 20:51 . 2007-10-07 03:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ZoomBrowser EX
2009-11-22 20:47 . 2007-10-07 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-22 06:25 . 2008-06-11 21:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Xfire
2009-11-15 23:21 . 2009-01-20 04:42 1 ----a-w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-11 10:54 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GameHouse
2009-11-11 10:54 . 2008-05-13 04:16 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2009-11-02 03:27 . 2008-09-20 01:28 -------- d-----w- c:\program files\Windows Live
2009-11-02 03:25 . 2008-08-05 01:56 -------- d-----w- c:\program files\MIcrosoft
2009-09-11 14:18 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 11:44 . 2008-03-24 19:42 488968 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\Update\setup\setup.exe
2008-12-10 02:21 . 2007-09-16 17:49 14459752 ----a-w- c:\program files\bloodgulch.map
.

------- Sigcheck -------

[-] 2009-12-07 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[7] 2009-12-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-08-04 . 7437BA6F538E89381A2E3643AED296C7 . 2066048 . . [5.1.2600.5857] . . c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-28 2020120]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\MCX1\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\MCX2\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-7 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
PhraseExpress.lnk - c:\program files\PhraseExpress\phraseexpress.exe [2009-3-8 3794256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-28 04:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\PhraseExpress\\phraseexpress.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/27/2009 10:00 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/27/2009 10:00 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/27/2009 10:00 PM 285392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
QWAVE REG_MULTI_SZ QWAVE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Microsoft Interactive Training - c:\windows\IsUninst.exe -fc:\windows\orun32.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 16:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F71618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76acf28
\Driver\ACPI -> ACPI.sys @ 0xf751fcb8
\Driver\atapi -> atapi.sys @ 0xf73dc7b4
\Driver\iaStor -> iaStor.sys @ 0xf7400b10
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf728dbb0
PacketIndicateHandler -> NDIS.sys @ 0xf729aa21
SendHandler -> NDIS.sys @ 0xf727887b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1196)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ARPWRMSG.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\ehome\RMSvc.exe
c:\windows\ehome\McrdSvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-12-07 16:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 22:47
ComboFix2.txt 2009-12-05 17:52

Pre-Run: 154,518,138,880 bytes free
Post-Run: 154,609,369,088 bytes free

- - End Of File - - 966AF2BAE85350494C7AD9BA63A23B05
  • 0
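The Sigcheck block in the ComboFix log above lists several copies of atapi.sys, ntoskrnl.exe and ntkrnlpa.exe with their MD5, size and file version, each marked either [7] or [-]. The script below is an added example, not part of ComboFix, OTL or this thread: it parses lines in that format (the sample lines are copied from the log above) and applies two checks a responder would make on such output. First, an unverified copy whose hash differs from a verified copy of the same file name and version; second, an active copy under system32 that is no newer than the dllcache copy yet hashes differently (a hotfix legitimately makes the active copy newer, so only an equal-or-older version with a different hash is unexplained). The reading of [7] as catalog-verified and [-] as unverified, and all function names, are assumptions of the example.

```python
"""Flag Windows system files whose hash disagrees with verified copies.

Added example for the Sigcheck section of the ComboFix log above; it is not
part of ComboFix, OTL or the forum's tools.  The sample lines are copied from
that log.  Marker meaning assumed here: "[7]" = copy verified against the
Windows file catalog, "[-]" = not verified.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the log above (not constructed).
SIGCHECK_SAMPLE = r"""
[-] 2009-12-07 . 1494C60EE680E8E79A2D3E25D5FE50FF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[7] 2009-12-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\atapi.sys
[-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe
"""

# "[flag] date . MD5 . size . . [version] . . path"
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    verified: bool
    md5: str
    size: int
    version: tuple  # e.g. (5, 1, 2600, 2180), so versions compare numerically
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_active(self) -> bool:
        # The copy Windows actually loads lives under system32 (or
        # system32\drivers), not in dllcache or an uninstall folder.
        p = self.path.lower()
        return "\\system32\\" in p and "\\dllcache\\" not in p


def parse_version(text: str) -> tuple:
    return tuple(int(x) if x.isdigit() else 0 for x in text.split("."))


def parse_sigcheck(text: str) -> list:
    """Parse Sigcheck-style lines; blank or unrelated lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(SigEntry(
            verified=m["flag"].strip() == "7",
            md5=m["md5"].upper(),
            size=int(m["size"]),
            version=parse_version(m["ver"]),
            path=m["path"],
        ))
    return entries


def unverified_mismatches(entries: list) -> list:
    """Paths of unverified copies whose hash differs from a verified copy
    carrying the same file name and the same version string."""
    verified_md5 = defaultdict(set)
    for e in entries:
        if e.verified:
            verified_md5[(e.name, e.version)].add(e.md5)
    flagged = []
    for e in entries:
        known = verified_md5.get((e.name, e.version), set())
        if not e.verified and known and e.md5 not in known:
            flagged.append(e.path)
    return flagged


def stale_active_copies(entries: list) -> list:
    """Paths of active copies that are no newer than the dllcache copy yet
    hash differently.  A newer active copy is expected after a hotfix; an
    equal-or-older version with a different hash is not explained by patching."""
    cache = {e.name: e for e in entries if "\\dllcache\\" in e.path.lower()}
    flagged = []
    for e in entries:
        c = cache.get(e.name)
        if e.is_active and c and e.version <= c.version and e.md5 != c.md5:
            flagged.append(e.path)
    return flagged


if __name__ == "__main__":
    parsed = parse_sigcheck(SIGCHECK_SAMPLE)
    for p in unverified_mismatches(parsed):
        print("hash differs from verified copy of same version:", p)
    for p in stale_active_copies(parsed):
        print("active copy not newer than dllcache copy but hashes differently:", p)
```

On the sample lines both checks report only c:\windows\system32\drivers\atapi.sys: its version string matches the verified $NtServicePackUninstall$ copy while its hash and size do not, and it is older than the dllcache copy yet different. ntoskrnl.exe is not reported, because its active copy carries a newer version than the cache copy, which is what a hotfix produces. A differing hash on its own only shows that the file is not the copy Windows shipped; deciding what it is still takes a known-good hash for that exact version.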

#4
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
How is the machine running? We still need to do a few more scans to see if there is anything else.

------------------
Step 1:
------------------

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Files
    c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\uqdhon
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

------------------
Step 2:
------------------

Run Malwarebytes' Anti-Malware
  • Select the Update tab and then click Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select the Scanner tab and "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

------------------
Step 3:
------------------

Please post back with the following:
  • How your machine is running
  • OTL fix log
  • fresh MBAM log

  • 0

#5
cronemage

    Member

  • Topic Starter
  • Member
  • 20 posts
Well, I'm still getting the new tabs opening. I haven't tried a Google Search yet. When I ran the MBAM it showed no malicious results. Here are the logs:

All processes killed
========== OTL ==========
========== FILES ==========
c:\documents and settings\HP_Administrator.STEPH\Local Settings\Application Data\uqdhon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Documents and Settings

User: HP_Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: HP_Administrator.STEPH
->Temp folder emptied: 19250 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Java cache emptied: 16149207 bytes
->FireFox cache emptied: 66687680 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: MCX1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MCX2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 20704 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 79.13 mb


OTL by OldTimer - Version 3.1.11.6 log created on 12072009_183338

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_165c.dat not found!

Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.42
Database version: 3313
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/7/2009 6:50:08 PM
mbam-log-2009-12-07 (18-50-08).txt

Scan type: Quick Scan
Objects scanned: 143086
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6
Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
I didn't know about the new tabs. What's happening there? Let's go ahead and get a couple more scans.

------------------
Step 1:
------------------

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

------------------
Step 2:
------------------

Download RootRepeal from one of the following locations:
Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running.

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

------------------
Step 3:
------------------

Please post back with the following:
  • How your machine is running
  • OTL log
  • RootRepeal.txt


#7
cronemage

    Member

  • Topic Starter
  • Member
  • 20 posts
I'm still getting redirected from clicking on Google sites and also getting new tabs popping in. Here are the logs. I didn't get an OTL Extras log, though. Only one popped up, and this is it. The RootRepeal seemed short, too.

Thanks again for looking at this.

OTL logfile created on: 12/7/2009 7:38:11 PM - Run 3
OTL by OldTimer - Version 3.1.11.6 Folder = C:\Documents and Settings\HP_Administrator.STEPH\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 133.47 Mb Available Physical Memory | 13.15% Memory free
2.38 Gb Paging File | 1.61 Gb Available in Paging File | 67.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.44 Gb Total Space | 144.08 Gb Free Space | 64.20% Space Free | Partition Type: NTFS
Drive D: | 8.43 Gb Total Space | 0.39 Gb Free Space | 4.62% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPH
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
PRC - C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
PRC - C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
PRC - c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (RMSvc) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.9948
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/01 02:02:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 02:26:57 | 00,000,000 | ---D | M]

[2009/11/27 21:53:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Extensions
[2009/12/06 05:44:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions
[2009/11/27 22:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/01 00:10:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/30 21:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/28 06:10:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla\Firefox\Profiles\w2qpsr3m.default\extensions\[email protected]
[2009/12/06 05:44:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 23:22:59 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhraseExpress.lnk = C:\Program Files\PhraseExpress\phraseexpress.exe (Bartels Media)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/07 03:42:03 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/11/14 20:13:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70935142989824000)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/07 18:33:56 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/07 16:11:36 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/07 16:11:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/07 16:11:36 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/07 16:10:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/05 17:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/12/05 17:31:37 | 00,343,040 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:16:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/05 11:16:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/05 11:05:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\GooredFix Backups
[2009/12/05 10:54:04 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/05 10:41:35 | 00,536,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/04 04:40:14 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrivacIE
[2009/12/03 16:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/12/03 16:18:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/03 16:08:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/12/03 16:08:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/12/03 16:02:08 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/03 06:01:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\IETldCache
[2009/12/03 05:32:31 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/03 05:32:31 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/03 05:32:30 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/03 05:32:29 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/03 05:30:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/03 01:57:41 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/12/03 01:57:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/12/03 01:57:34 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/12/03 01:57:34 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/12/03 01:57:29 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/12/03 01:57:28 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/12/03 01:57:28 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/12/03 01:57:28 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/12/03 01:57:28 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/12/03 01:57:28 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/12/03 01:57:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/12/03 01:57:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/12/03 01:57:25 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/12/03 01:57:23 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/12/03 01:57:11 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/12/03 01:56:41 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/12/03 01:56:36 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/12/03 01:56:31 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/12/03 01:56:30 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/12/03 01:56:30 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/12/03 01:56:30 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/12/03 01:56:30 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/12/03 01:56:30 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/12/03 01:56:30 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/12/03 01:56:30 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/12/03 01:56:30 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/12/03 01:56:30 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/12/03 01:56:29 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/12/03 01:56:29 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/12/03 01:56:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/12/03 01:56:22 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/12/03 01:56:22 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/12/03 01:56:20 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/12/03 01:56:20 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/12/03 01:56:19 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/12/03 01:56:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/12/03 01:56:16 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/12/03 01:56:15 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/12/03 01:56:14 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/12/03 01:56:11 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/12/03 01:56:04 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/12/03 01:55:55 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/12/03 01:55:54 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/12/03 01:55:51 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/12/03 01:55:43 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/12/03 01:55:43 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/12/03 01:55:43 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/12/03 01:55:42 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/12/03 01:55:42 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/12/03 01:55:42 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/12/03 01:55:41 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/12/03 01:55:41 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/12/03 01:55:38 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/12/03 01:55:38 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/12/03 01:55:07 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/12/03 01:55:06 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/12/03 01:55:06 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/12/03 01:55:06 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/12/03 01:55:02 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/12/03 01:55:02 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/12/03 01:54:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/12/03 01:54:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/12/03 01:54:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/12/03 01:54:53 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/12/03 01:54:52 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/12/03 01:54:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/12/03 01:54:31 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/12/03 01:54:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/12/03 01:54:18 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/12/03 01:54:13 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/12/03 01:54:13 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/12/03 01:54:13 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/12/03 01:54:13 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/12/03 01:53:57 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/12/03 01:53:50 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/12/03 01:53:50 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/12/03 01:53:50 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/12/03 01:53:50 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/12/03 01:53:49 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/12/03 01:53:49 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/12/03 01:53:49 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/12/03 01:53:41 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/12/03 01:53:40 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/12/03 01:53:40 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/12/03 01:53:40 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/12/03 01:53:40 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/12/03 01:53:40 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/12/03 01:53:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/12/03 01:53:35 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/12/03 01:53:21 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/12/03 01:53:17 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/12/03 01:53:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/12/03 01:53:12 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/12/03 01:53:12 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/12/03 01:53:11 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/12/03 01:53:11 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/12/03 01:53:11 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/12/03 01:53:11 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/12/03 01:53:10 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/12/03 01:53:10 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/12/03 01:53:10 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/12/03 01:53:10 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/12/03 01:53:10 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/12/03 01:53:10 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/12/03 01:53:10 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/12/03 01:53:10 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/12/03 01:53:10 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/12/03 01:53:10 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/12/03 01:53:10 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/12/03 01:53:09 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/12/03 01:53:09 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/12/03 01:53:09 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/12/03 01:53:09 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/12/03 01:53:09 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/12/03 01:53:09 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/12/03 01:53:09 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/12/03 01:53:09 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/12/03 01:53:09 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/12/03 01:53:08 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/12/03 01:53:08 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/12/03 01:53:08 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/12/03 01:53:08 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/12/03 01:53:08 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/12/03 01:53:08 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/12/03 01:53:08 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/12/03 01:53:08 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/12/03 01:53:08 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/12/03 01:53:08 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/12/03 01:53:08 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/12/03 01:53:06 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/12/03 01:53:03 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/12/03 01:53:03 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/12/03 01:53:02 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/12/03 01:53:02 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/12/03 01:53:02 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/12/03 01:53:02 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/12/03 01:53:02 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/12/03 01:53:00 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/12/02 21:11:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Received Files
[2009/12/02 21:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\MSNInstaller
[2009/12/02 21:00:07 | 00,000,000 | ---D | C] -- C:\95f68d2ffe30c13af7d76c3b3815
[2009/12/02 20:41:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/02 20:30:14 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2009/12/02 15:53:52 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/12/02 15:53:50 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/02 15:53:49 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/02 15:53:47 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/02 15:51:03 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/02 15:50:58 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/02 15:50:32 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/02 15:49:39 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/02 15:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/12/02 12:05:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/12/01 00:40:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Malwarebytes
[2009/12/01 00:39:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/01 00:39:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 00:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/01 00:21:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPQ
[2009/11/30 23:29:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/11/30 23:23:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/11/30 23:23:33 | 00,000,000 | ---D | C] -- C:\Program Files\Snapshot Viewer
[2009/11/30 23:12:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft Web Folders
[2009/11/29 11:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HpUpdate
[2009/11/29 11:27:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2009/11/29 09:27:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Adobe
[2009/11/29 09:19:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/11/29 09:19:55 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/11/28 21:08:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Yahoo!
[2009/11/28 21:08:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPAppData
[2009/11/28 10:17:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HP
[2009/11/28 10:15:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\HP
[2009/11/28 10:08:06 | 00,049,920 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2009/11/28 10:08:06 | 00,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2009/11/28 10:07:35 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l5mu.dll
[2009/11/28 10:07:34 | 00,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2009/11/28 10:07:26 | 00,021,568 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2009/11/28 10:06:55 | 00,729,088 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax4.dll
[2009/11/28 10:06:55 | 00,593,920 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtscl3.dll
[2009/11/28 10:06:55 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2009/11/28 10:06:55 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/11/28 10:06:55 | 00,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2009/11/28 09:52:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/28 06:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Sun
[2009/11/28 02:01:53 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\UserData
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Macromedia
[2009/11/27 22:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Adobe
[2009/11/27 22:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple
[2009/11/27 22:12:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Apple Computer
[2009/11/27 22:01:00 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/27 22:00:47 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:40 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/27 22:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/27 22:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/27 21:55:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\Downloads
[2009/11/27 21:52:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Mozilla
[2009/11/27 21:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Mozilla
[2009/11/27 21:43:41 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/27 21:31:08 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/27 21:30:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2009/11/27 21:30:39 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Recent
[2009/11/27 21:30:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\PhraseExpress
[2009/11/27 21:30:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\PhraseExpress
[2009/11/27 21:20:08 | 00,000,000 | --SD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\SendTo
[2009/11/27 21:20:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Start Menu
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Videos
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Pictures
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents\My Music
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\My Documents
[2009/11/27 21:20:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Favorites
[2009/11/27 21:20:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Cookies
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Templates
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\PrintHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\NetHood
[2009/11/27 21:20:08 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\WINDOWS
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Wildtangent
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Real
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Microsoft
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Intuit
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\Identities
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\Google
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\ApplicationHistory
[2009/11/27 21:20:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}
[2009/11/17 17:53:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/11/16 18:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/11/16 18:47:14 | 00,000,000 | ---D | C] -- C:\Program Files\XfireXO
[2009/11/11 18:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2009/11/11 18:14:01 | 01,373,528 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzshl01.exe
[2009/11/11 18:14:00 | 01,140,056 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\hpzmsi01.exe
[2009/11/11 18:13:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2009/11/11 04:42:14 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/11/09 16:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/11/09 16:43:58 | 00,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2005/09/24 09:49:16 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2009/12/07 19:37:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job
[2009/12/07 18:40:25 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/12/07 18:35:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/07 18:35:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/07 18:35:12 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 18:34:06 | 05,767,168 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/12/07 18:34:06 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/12/07 16:38:51 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/07 16:38:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/12/07 16:01:16 | 46,334,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/07 16:00:44 | 00,116,698 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/07 02:00:00 | 00,000,336 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/12/05 17:56:48 | 00,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\NTREGOPT.lnk
[2009/12/05 17:56:48 | 00,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ERUNT.lnk
[2009/12/05 17:31:37 | 00,343,040 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\TFC.exe
[2009/12/05 11:41:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091207-160708.backup
[2009/12/05 10:41:35 | 00,536,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\OTL.exe
[2009/12/04 03:02:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/03 21:09:38 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091205-103327.backup
[2009/12/03 18:23:32 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-210938.backup
[2009/12/03 17:46:05 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/03 17:46:05 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/03 17:46:05 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/03 17:40:41 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 17:39:29 | 01,577,792 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\IconCache.db
[2009/12/03 16:35:32 | 00,000,058 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
[2009/12/03 16:35:32 | 00,000,020 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/03 16:28:31 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:23:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/03 16:22:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Ÿ;Ÿ;
[2009/12/03 16:18:14 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 16:06:01 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/12/02 21:02:39 | 00,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/02 21:02:24 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
[2009/12/02 20:28:11 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/12/02 16:32:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/01 20:42:53 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091203-182332.backup
[2009/12/01 11:30:00 | 00,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/12/01 00:39:54 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/01 00:04:11 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/30 23:26:10 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/30 23:15:04 | 00,000,608 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/30 23:14:54 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/30 21:37:33 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091201-204253.backup
[2009/11/30 20:48:25 | 00,139,264 | ---- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpzjrd01.dll
[2009/11/29 11:33:53 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/29 08:24:02 | 00,000,145 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/28 11:14:16 | 00,004,095 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2009/11/28 10:59:20 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091130-213733.backup
[2009/11/28 10:56:41 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105920.backup
[2009/11/28 10:55:00 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105641.backup
[2009/11/28 10:54:02 | 00,358,509 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091128-105500.backup
[2009/11/28 10:24:15 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:15:24 | 00,176,731 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2009/11/28 10:06:01 | 00,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/11/28 10:05:10 | 00,002,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:57:27 | 00,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/11/27 22:15:58 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:00:47 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/27 22:00:47 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/27 22:00:47 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:40 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/27 22:00:36 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:36 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/27 22:00:30 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 21:31:30 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/27 21:29:00 | 00,001,835 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:19:03 | 00,001,111 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/27 21:18:32 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/27 21:17:47 | 00,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/11/26 10:10:28 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/20 19:05:42 | 00,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009/11/17 17:53:55 | 00,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBook Library.lnk
[2009/11/16 18:46:53 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/11 18:41:15 | 00,176,399 | ---- | M] () -- C:\WINDOWS\hpwins19.dat.temp
[2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/11/09 16:43:59 | 00,001,996 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Software.lnk

========== Files Created - No Company Name ==========

[2009/12/07 16:11:37 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/07 16:11:36 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/07 16:11:36 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/07 16:11:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/07 16:11:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/05 17:56:48 | 00,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\NTREGOPT.lnk
[2009/12/05 17:56:48 | 00,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\ERUNT.lnk
[2009/12/03 16:28:31 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2009/12/03 16:28:31 | 00,000,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2009/12/03 16:22:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Ÿ;Ÿ;
[2009/12/03 01:55:46 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/12/03 01:54:31 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2009/12/03 01:53:29 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/12/03 01:53:10 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/12/02 21:10:57 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Windows Messenger.lnk
[2009/12/01 00:39:54 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 23:14:54 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/11/29 11:39:05 | 00,002,253 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Application Data\HPSU_48BitScanUpdate.log
[2009/11/29 11:33:53 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/11/28 10:24:15 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Desktop\Spybot - Search & Destroy.lnk
[2009/11/28 10:03:28 | 00,001,971 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2009/11/28 09:49:09 | 00,176,399 | ---- | C] () -- C:\WINDOWS\hpwins19.dat.temp
[2009/11/28 09:49:09 | 00,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat.temp
[2009/11/27 22:15:58 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/11/27 22:13:49 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/27 22:00:47 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/27 22:00:36 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/27 22:00:30 | 46,334,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/27 22:00:30 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/27 22:00:30 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/27 22:00:30 | 00,116,698 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/27 21:28:57 | 00,001,835 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_ER190AA-ABA s7420n_YC_0Pavi_QCNH613_E62NAemMPA1_48_IOnyx2_SASUSTeK Computer INC._V1.xx_B3.06_T051028_WXP2_L409_M1016_J250_7Intel_8Pentium M_91.7_#060810_N80861064_Z11C10620_G80862582.MRK
[2009/11/27 21:28:55 | 10,646,85568 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/27 21:20:09 | 00,000,145 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\Local Settings\Application Data\fusioncache.dat
[2009/11/27 21:20:08 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\ntuser.ini
[2009/11/27 21:20:07 | 05,767,168 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.STEPH\NTUSER.DAT
[2009/11/27 21:18:28 | 00,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN.lnk
[2009/11/27 21:18:28 | 00,001,471 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2009/11/27 21:18:28 | 00,000,908 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2009/11/17 17:53:55 | 00,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBook Library.lnk
[2009/11/16 18:46:53 | 00,000,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[2009/11/11 18:24:36 | 00,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2009/11/11 18:23:58 | 00,002,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2009/11/11 18:14:00 | 00,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/11/11 18:10:41 | 00,176,731 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2009/11/11 18:10:40 | 00,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2009/11/09 16:43:59 | 00,001,996 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Software.lnk
[2009/07/18 02:19:16 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/07/18 02:19:15 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2009/05/30 17:06:31 | 00,000,078 | ---- | C] () -- C:\WINDOWS\DUXBURY.INI
[2009/04/23 05:24:16 | 00,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2008/04/26 11:40:49 | 00,000,157 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/04/26 11:39:32 | 00,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2007/12/31 15:24:20 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/09/16 11:49:38 | 14,459,752 | ---- | C] () -- C:\Program Files\bloodgulch.map
[2007/08/11 15:16:20 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2007/08/11 15:10:16 | 00,000,037 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/07/14 15:40:30 | 00,000,716 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2007/07/14 15:40:30 | 00,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2007/04/30 17:19:50 | 00,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/17 17:22:37 | 00,000,158 | ---- | C] () -- C:\WINDOWS\civ.ini
[2007/04/14 02:23:32 | 00,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/31 13:12:11 | 00,000,482 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/09/30 17:38:58 | 01,483,776 | ---- | C] () -- C:\WINDOWS\MGXRDR32.DLL
[2006/08/11 19:40:23 | 00,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/11 19:40:06 | 00,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/08/11 18:31:02 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/11 18:27:58 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/07 04:15:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/07 03:50:22 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/07 03:45:07 | 00,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/07 03:44:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/07 03:42:32 | 00,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/07 03:39:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/07 03:29:15 | 00,004,095 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/07 03:27:51 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/07 03:12:14 | 00,003,257 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/07 03:11:10 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/07 03:07:07 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/07 02:43:41 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/03/07 02:43:41 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/03/07 02:43:22 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 15:03:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 23:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 01:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 08:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/06 16:42:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\A3W.ini
[2001/07/07 00:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/12/04 04:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/11/28 10:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2006/03/07 03:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2009/08/16 15:21:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2008/10/01 22:29:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2008/05/12 21:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/08/25 15:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2008/12/25 22:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2008/12/25 22:53:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Marlin
[2007/10/18 20:21:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/08/16 15:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2008/08/31 12:10:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/03/27 23:17:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhraseExpress
[2009/07/21 23:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/09/29 20:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/03 16:28:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/09/08 11:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/11/30 23:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/08/24 20:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Online
[2009/06/09 21:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/27 21:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/06 20:38:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/12/14 08:46:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2009/12/07 19:37:00 | 00,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8AE34196-C4A1-4BC3-A0AB-93FB233240C5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2006/12/22 10:23:37 | 11,392,321 | ---- | M] () -- C:\WinGizmo-LJ-2-0-2-227.exe


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009/12/07 16:14:38 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/03 06:39:32 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/09 22:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2004/08/04 07:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/09 22:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 12:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/09 22:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/09 22:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3AE3CF4E
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:481DAC2B
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/07 19:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA302F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\$avg\$chjw\04febc6e-c6e9-4cd2-81c1-8851c95b6306
Status: Size mismatch (API: 3616128, Raw: 3289216)

Path: c:\$avg\$chjw\1a53f710-ec52-4ef0-888d-0632198e5f50
Status: Size mismatch (API: 3478180, Raw: 3317700)

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

==EOF==
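Added example, not part of the thread or of OTL: the "< MD5 for: ... >" sections of the log above can be checked mechanically instead of by eye. The script parses those sections, treats the copy sitting directly in system32 or system32\drivers as the one Windows actually loads, and compares its MD5 against the copy in ServicePackFiles\i386, the same pristine source the helper copies from later in the thread. On the excerpt it flags only atapi.sys: the live driver was modified on 2009/12/07, the day of the scan, keeps exactly the size and vendor string of the Service Pack copy, yet hashes differently, while every backup copy agrees with the others. The embedded log lines are copied from the OTL output above; the regular expressions, the choice of ServicePackFiles\i386 as the reference directory and the helper names are this example's own assumptions.

```python
import hashlib
import re
from dataclasses import dataclass

# Excerpt of the "< MD5 for: ... >" custom-scan sections from the OTL log posted in this thread.
OTL_MD5_LOG = r"""
< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2009/12/07 16:14:38 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/09 22:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\hp\drivers\Intel_5_1_0_1022_PV\iastor.sys
[2005/06/17 07:33:40 | 00,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| M\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)

# Assumption of this example: the Service Pack's file store is the trusted reference copy.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"
# The copy the kernel loads sits directly in one of these, never in a backup subdirectory.
LIVE_DIRS = ("\\system32\\drivers\\", "\\system32\\")


@dataclass
class Entry:
    name: str    # lower-cased file name taken from the section header
    mtime: str
    size: int
    vendor: str
    md5: str
    path: str


def parse_otl_md5(text):
    """Return Entry objects for every line under a '< MD5 for: NAME >' header."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entries.append(Entry(
                name=current,
                mtime=m.group("mtime"),
                size=int(m.group("size").replace(",", "")),
                vendor=m.group("vendor"),
                md5=m.group("md5").upper(),
                path=m.group("path"),
            ))
    return entries


def is_live(entry):
    """True for the copy Windows actually loads (system32 or system32\\drivers)."""
    p = entry.path.lower()
    return any(p.endswith(d + entry.name) for d in LIVE_DIRS)


def find_tampered(entries):
    """One finding per file whose live copy hashes differently from the Service Pack copy."""
    by_name = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    findings = []
    for name, group in by_name.items():
        live = [e for e in group if is_live(e)]
        ref = [e for e in group if REFERENCE_DIR in e.path.lower()]
        if not live or not ref:      # nothing to compare against (e.g. iaStor.sys above)
            continue
        live, ref = live[0], ref[0]
        if live.md5 != ref.md5:
            findings.append({
                "name": name,
                "live_path": live.path,
                "live_md5": live.md5,
                "live_mtime": live.mtime,
                "reference_md5": ref.md5,
                "same_size": live.size == ref.size,   # equal size + different hash = patched in place
            })
    return findings


def md5_hex(data):
    """Upper-case MD5 of a byte string, in the format OTL prints."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path):
    """Hash a file on disk so a replaced driver can be checked against the reference MD5."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


if __name__ == "__main__":
    for f in find_tampered(parse_otl_md5(OTL_MD5_LOG)):
        print(f"{f['name']}: live {f['live_md5']} (modified {f['live_mtime']}) "
              f"!= reference {f['reference_md5']}; same size: {f['same_size']}")
```

After the driver has been replaced from the Recovery Console, md5_of_file() on C:\WINDOWS\system32\drivers\atapi.sys (or a second OTL custom scan) should return 9F3A2F5AA6875C72BF062C712CFA2674, the hash every backup copy in the log carries.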

#8
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
The infections these days are getting sneaky! Let's do this:

------------------
Step 1:
------------------

We need to create a clean copy of the file we are going to replace.

Open notepad and copy/paste the text in the code box below into it.
    @echo off
    rem Copy the Service Pack's pristine atapi.sys to the root of C: so it can be
    rem moved into place from the Recovery Console, where the live driver is not locked.
    copy C:\WINDOWS\ServicePackFiles\i386\atapi.sys C:\atapi.sys
    rem The batch file deletes itself once it has run.
    del %0
    exit
Click File > Save As... and in the dropdown box for Save as type select All Files
Then in the File name box type copy.bat and hit Save

This will create a batch file named copy.bat on your desktop.

Double click copy.bat to run it. You may see a black box appear, this is normal.

------------------
Step 2:
------------------

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.
3. Use the up and down arrow keys to select Microsoft Windows Recovery Console.
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following entries and press 'Enter' after each (note the spaces):

    cd \

    copy c:\atapi.sys c:\windows\system32\drivers\

6. Type y to the prompt and press 'Enter'.
7. Type exit and press 'Enter'. Your computer should reboot.

------------------
Step 3:
------------------

Download LockSearch to your desktop
  • Double-click LockSearch.exe
  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished. It will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • LockSearch log


#9
cronemage (Topic Starter, Member, 20 posts)
Okay. I did the copy.bat, but when I restarted windows, there was no prompt for the operating system. All I got was the blue screen with the F keys for system recovery, etc., then windows started. I don't know how to find the Microsoft Windows recovery console from there.

#10
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
Did you allow ComboFix to install the Recovery Console? If not, rerun ComboFix and allow it to do so. Then you should be able to access it when rebooting. If not, do you have your original windows disc?

#11
cronemage (Topic Starter, Member, 20 posts)
I never got that prompt in combofix to add the console. Would it help to totally uninstall combofix and try again?

#12
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
It must be installed already, but let's make sure. Here are some instructions to install it manually. Give that a go and let me know how it goes :)

http://www.bleepingc...utorial117.html

#13
cronemage (Topic Starter, Member, 20 posts)
Okay. I installed the console, but got a message: "The option to upgrade will not be available at this time because Setup was unable to load the file d:\i386\WINNTUPG\NETUPGD.DLL. Cannot find the file specified."

When I restarted the computer it went right to the Windows XP screen again without the operating system prompt. Guess I've got to try to remember the "safe place" I stashed my discs?

Sorry I'm such a PITA

#14
Perplexus (Lord of the Geeks, Malware Removal, 1,185 posts)
You are no PITA :) This is all common practice when dealing with infections :)

Let's try this a different way:

------------------
Step 1:
------------------

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to move:
    C:\atapi.sys | c:\windows\system32\drivers\atapi.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

------------------
Step 2:
------------------

Go Back to Step 3 of my previous instructions and run LockSearch

------------------
Step 3:
------------------

Please post back with the following:
  • How your machine is running
  • c:\avenger.txt
  • LockSearch log


#15
cronemage (Topic Starter, Member, 20 posts)
It's running a little slow, but so far I haven't been redirected out of Google. Here are the logs:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\atapi.sys"
File move operation "C:\atapi.sys|c:\windows\system32\drivers\atapi.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.


LockSearch by jpshortstuff (05.11.09.1)
Log created at 22:01 on 08/12/2009 (HP_Administrator)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-